osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
wireshark/epan/conversation.h

511 lines
21 KiB
C
Raw Normal View History

Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
/* conversation.h
* Routines for building lists of packets that are part of a "conversation"
*
name change svn path=/trunk/; revision=18197
2006-05-21 05:12:17 +00:00
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
* Copyright 1998 Gerald Combs
Removed trailing whitespaces from .h and .c files using the winapi_cleanup tool written by Patrik Stridvall for the wine project. svn path=/trunk/; revision=6116
2002-08-28 20:41:00 +00:00
*
epan: use SPDX indentifiers. Skipping dissectors dir for now. Change-Id: I717b66bfbc7cc81b83f8c2cbc011fcad643796aa Reviewed-on: https://code.wireshark.org/review/25694 Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-02-08 16:59:17 +00:00
* SPDX-License-Identifier: GPL-2.0-or-later
Generalize the "ip_src" and "ip_dst" members of the "packet_info" structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst" addresses, where an address is an address type, an address length in bytes, and a pointer to that many bytes. "dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}" are the network-layer source/destination; "{src,dst}" are the source/destination from the highest of those two layers that we have in the packet. Add a port type to "packet_info" as well, specifying whether it's a TCP or UDP port. Don't set the address and port columns in the dissector functions; just set the address and port members of the "packet_info" structure. Set the columns in "fill_in_columns()"; this means that if we're showing COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate the string from "src" or "dst", we don't generate a string for the link-layer address and then overwrite it with a string for the network-layer address (generating those strings costs CPU). Add support for "conversations", where a "conversation" is (at present) a source and destination address and a source and destination port. (In the future, we may support "conversations" above the transport layer, e.g. a TFTP conversation, where the first packet goes from the client to the TFTP server port, but the reply comes back from a different port, and all subsequent packets go between the client address/port and the server address/new port, or an NFS conversation, which might include lock manager, status monitor, and mount packets, as well as NFS packets.) Currently, all we support is a call that takes the source and destination address/port pairs, looks them up in a hash table, and: if nothing is found, creates a new entry in the hash table, and assigns it a unique 32-bit conversation ID, and returns that conversation ID; if an entry is found, returns its conversation ID. Use that in the SMB and AFS code to keep track of individual SMB or AFS conversations. We need to match up requests and replies, as, for certain replies, the operation code for the request to which it's a reply doesn't show up in the reply - you have to find the request with a matching transaction ID. Transaction IDs are per-conversation, so the hash table for requests should include a conversation ID and transaction ID as the key. This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses transparently (and should allow the SMB decoder to handle NetBIOS atop other protocols as well, if the source and destination address and port values in the "packet_info" structure are set appropriately). In the "Follow TCP Connection" code, check to make sure that the addresses are IPv4 addressses; ultimately, that code should be changed to use the conversation code instead, which will let it handle IPv6 transparently. svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
*/
Uwe Girlich's ONC RPC and NFS dissectors. svn path=/trunk/; revision=945
1999-10-29 01:04:44 +00:00
#ifndef __CONVERSATION_H__
#define __CONVERSATION_H__
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
#include "ws_symbol_export.h"
Move more headers outside extern "C". If a header declares a function, or anything else requiring the extern "C" decoration, have it wrap the declaration itself; don't rely on the header itself being included inside extern "C".
2021-03-16 09:36:10 +00:00
#include "packet.h" /* for conversation dissector type */
Move epan/wmem/wmem_scopes.h to epan/ This header was installed incorrectly to epan/wmem_scopes.h. Instead of creating additional installation rules for a single header in a subfolder (kept for backward compatibility) just rename the standard "epan/wmem/wmem.h" include to "epan/wmem_scopes.h" and fix the documentation. Now the header is installed *correctly* to epan/wmem_scopes.h.
2021-07-26 00:31:17 +00:00
#include <epan/wmem_scopes.h>
Move more headers outside extern "C". If a header declares a function, or anything else requiring the extern "C" decoration, have it wrap the declaration itself; don't rely on the header itself being included inside extern "C".
2021-03-16 09:36:10 +00:00
Put #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ ... #ifdef __cplusplus } #endif /* __cplusplus */ wrappers into some header files, for the benefit of C++ plugins. Also, add multiple-include protections. svn path=/trunk/; revision=20485
2007-01-18 18:43:30 +00:00
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @file
* The conversation API lets you correlate packets based on values in a
* packet, typically address+port tuples. You can search for conversations
* based on their value tuples and attach data to them.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*/
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
Rename the arguments and flags for the conversation routines, so as not to imply that 1) conversations have source and destination addresses and ports - they don't (if they did, they'd be monologues, not conversations), they just have two address/port pairs for the two endpoints, with one or more of the address or port in the second pair possibly being wildcarded; 2) the first and second address or port argument to "find_conversation()" or "try_conversation_dissector()" have anything to do with the first or second address/port pair in a conversation - they don't, the two arguments to those routines are matched against *both* address/port pairs for a conversation; as otherwise people might think that they need to add flags to wildcard the first arguments "conversation_new()" or "find_conversation()" (they don't, they just have to pass the non-wildcarded address/port first and then pass the wildcarded one, even if that means passing the destination first and source second). svn path=/trunk/; revision=3537
2001-06-10 09:50:20 +00:00
* Flags to pass to "conversation_new()" to indicate that the address 2
* and/or port 2 values for the conversation should be wildcards.
From Peter Johansson: "template" conversations - if one is recognized, the template is left around, and a new conversation is created with the wildcards in the template un-wildcarded. svn path=/trunk/; revision=12757
2004-12-15 09:25:48 +00:00
* The CONVERSATION_TEMPLATE option tells that any of the other supplied
* port and / or address wildcards will be used to match an infinite number
* of new connections to the conversation(s) that have the CONVERSATION_-
* TEMPLATE flag set. Any conversation created without the CONVERSATION_-
* TEMPLATE flag will be altered once the first connections (connection
* oriented protocols only) to include the newly found information which
* matched the wildcard options.
Rename the arguments and flags for the conversation routines, so as not to imply that 1) conversations have source and destination addresses and ports - they don't (if they did, they'd be monologues, not conversations), they just have two address/port pairs for the two endpoints, with one or more of the address or port in the second pair possibly being wildcarded; 2) the first and second address or port argument to "find_conversation()" or "try_conversation_dissector()" have anything to do with the first or second address/port pair in a conversation - they don't, the two arguments to those routines are matched against *both* address/port pairs for a conversation; as otherwise people might think that they need to add flags to wildcard the first arguments "conversation_new()" or "find_conversation()" (they don't, they just have to pass the non-wildcarded address/port first and then pass the wildcarded one, even if that means passing the destination first and source second). svn path=/trunk/; revision=3537
2001-06-10 09:50:20 +00:00
*/
#define NO_ADDR2 0x01
#define NO_PORT2 0x02
From Dinesh Dutt: - conversation.[ch] - To support not setting port2 on matching a conversation. This is used by protocols such as iSNS in which the client registers a TCP/UDP port with the server for notifications and the server sends notifications to this port from different source ports. - packet-isns.c - Added support for handling zero-length TLVs and ESI & SCN frames (when registering an SCN/ESI port, a conversation dissector is setup). svn path=/trunk/; revision=11320
2004-07-06 19:01:32 +00:00
#define NO_PORT2_FORCE 0x04
From Peter Johansson: "template" conversations - if one is recognized, the template is left around, and a new conversation is created with the wildcards in the template un-wildcarded. svn path=/trunk/; revision=12757
2004-12-15 09:25:48 +00:00
#define CONVERSATION_TEMPLATE 0x08
IPv4: Implementation of conversations with stream identifiers
2023-12-05 14:36:01 +00:00
#define NO_PORTS 0x010
Revert "Create an extended converstaion hastable taking more address information into consideration. This makes it possible to differentiate between packets on different vlans and can be expanded to handle tunnels." This reverts commit f80e9df7939be9d88062718d6c15fa2983e5e605. Change-Id: I7877b250d479c30209cfe74351069d54359757b5 Reviewed-on: https://code.wireshark.org/review/13825 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-08 16:32:41 +00:00
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
Rename the arguments and flags for the conversation routines, so as not to imply that 1) conversations have source and destination addresses and ports - they don't (if they did, they'd be monologues, not conversations), they just have two address/port pairs for the two endpoints, with one or more of the address or port in the second pair possibly being wildcarded; 2) the first and second address or port argument to "find_conversation()" or "try_conversation_dissector()" have anything to do with the first or second address/port pair in a conversation - they don't, the two arguments to those routines are matched against *both* address/port pairs for a conversation; as otherwise people might think that they need to add flags to wildcard the first arguments "conversation_new()" or "find_conversation()" (they don't, they just have to pass the non-wildcarded address/port first and then pass the wildcarded one, even if that means passing the destination first and source second). svn path=/trunk/; revision=3537
2001-06-10 09:50:20 +00:00
* Flags to pass to "find_conversation()" to indicate that the address B
* and/or port B search arguments are wildcards.
*/
Make distinction between conversation options for creation and search
2022-06-02 22:58:15 +00:00
#define NO_MASK_B 0xFFFF0000
#define NO_ADDR_B 0x00010000
#define NO_PORT_B 0x00020000
IPv4: Implementation of conversations with stream identifiers
2023-12-05 14:36:01 +00:00
#define NO_PORT_X 0x00040000
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/** Flags to handle endpoints */
#define USE_LAST_ENDPOINT 0x08 /**< Use last endpoint created, regardless of type */
Remove circuit API Replace with conversation API that limits the "endpoint" to a single uint32 value. The intention is to eventually have "layered" endpoints, because circuit_id was used in cases where src/dest port have already been populated (and are used for layers above). Those src/dest ports should just be treated as just another endpoint, but we currently only have support for one. Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960 Reviewed-on: https://code.wireshark.org/review/24369 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-11 22:16:13 +00:00
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
/* Types of conversations Wireshark knows about. */
IDN: Fix use of conversation The conversation_new() function last parameter is options, not a place to put a uint parameter like the channel id. Change the call to the conversation_full API in order to do what was intended, and avoid DISSECTOR_ASSERT messages. Only allocate the file scoped configuration data the first time it is encountered, instead of every time a frame is parsed. The message_info is allocated anew and filled in each time the packet is dissected, so that should be pinfo->pool allocated. Related to #16707, #19272
2023-08-11 11:34:44 +00:00
/* XXX: There should be a way to register conversation types used only
* within one dissector, similar to address types, instead of changing
* the global typedef.
*/
Add conversation endpoint type For the moment this mirrors the port_type enumeration (PT_XXX), but the intent is to move away from using "port types", eliminating most (if not all) Added conversation_pt_to_endpoint_type() so that conversations deal with the correct enumeration. This is for dissector that use pinfo->ptype as input to conversation APIs. Explicit use of port types are converted to using ENDPOINT_XXX type. Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef Reviewed-on: https://code.wireshark.org/review/24166 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-29 14:12:59 +00:00
typedef enum {
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
CONVERSATION_NONE, /* no conversation key */
CONVERSATION_SCTP, /* SCTP */
CONVERSATION_TCP, /* TCP address/port pairs */
CONVERSATION_UDP, /* UDP address/port pairs */
CONVERSATION_DCCP, /* DCCP */
CONVERSATION_IPX, /* IPX sockets */
CONVERSATION_NCP, /* NCP connection */
CONVERSATION_EXCHG, /* Fibre Channel exchange */
CONVERSATION_DDP, /* DDP AppleTalk address/port pair */
CONVERSATION_SBCCS, /* FICON */
CONVERSATION_IDP, /* XNS IDP sockets */
CONVERSATION_TIPC, /* TIPC PORT */
CONVERSATION_USB, /* USB endpoint 0xffff means the host */
CONVERSATION_I2C,
CONVERSATION_IBQP, /* Infiniband QP number */
CONVERSATION_BLUETOOTH,
CONVERSATION_TDMOP,
CONVERSATION_DVBCI,
CONVERSATION_ISO14443,
CONVERSATION_ISDN, /* ISDN channel number */
CONVERSATION_H223, /* H.223 logical channel number */
CONVERSATION_X25, /* X.25 logical channel number */
CONVERSATION_IAX2, /* IAX2 call id */
CONVERSATION_DLCI, /* Frame Relay DLCI */
CONVERSATION_ISUP, /* ISDN User Part CIC */
CONVERSATION_BICC, /* BICC Circuit identifier */
CONVERSATION_GSMTAP,
CONVERSATION_IUUP,
CONVERSATION_DVBBBF, /* DVB Base Band Frame ISI/PLP_ID */
CONVERSATION_IWARP_MPA, /* iWarp MPA */
CONVERSATION_BT_UTP, /* BitTorrent uTP Connection ID */
CONVERSATION_LOG, /* Logging source */
LTP: Enhance with generated items, sequence analysis, and statistics This change adds computed values for reports, sequence analysis between segments, conversation and endpoint taps, and a new statistics menu and dialog.
2022-08-23 21:51:21 +00:00
CONVERSATION_LTP, /* LTP Engine ID and Session Number */
Add Management Component Transport Protocol (MCTP) dissector This change adds a protocol dissector for the Management Component Transport Protocol (MCTP). This is a failry simple datagram-based protocol for messaging between components within a single platform, typically over I2C, serial or PCIe. This dissector just implements the header fields, and sequence-number based message reassembly. Inner protocols will be added as follow-up changes. Linux has support for AF_MCTP data, so decode from the MCTP SLL ltype. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
2021-10-28 01:01:06 +00:00
CONVERSATION_MCTP,
Add NVMe Management Interface (NVMe-MI) dissector This change adds a small dissector for the NVMe-MI protocol, typically for tunelling Administration commands over an MCTP (over I2C) channel. We just decode the request and response headers, and leave the payload as raw data. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
2021-10-28 01:02:47 +00:00
CONVERSATION_NVME_MI, /* NVMe management interface */
BPv7: Add conversation and endpoint tracking This adds BPv7 source and destination as first-class text addresses for the packet. This fixes proto-data used for decode-as table editing outside of a layer.
2022-10-05 03:28:42 +00:00
CONVERSATION_BP, /* Bundle Protocol endpoint IDs */
SNMP/UDP: SNMP is walking on UDP conversation/stream ID
2022-12-15 23:35:48 +00:00
CONVERSATION_SNMP, /* SNMP */
QUIC: Handle QUIC connections multiplexed on the same 5-tuple Different QUIC connections can be multiplexed on the same network 5-tuple. Handle this, including checking for Stateless Reset tokens on all connections on the same 5-tuple. Create a CONVERSATION_QUIC type using our internal QUIC connection ID, and set the conversation elements so that subdissectors like TLS that set conversation data only alter data for the one QUIC connection instead of all multiplexed connections. Various failures are expected, per RFC 9000, if zero-length connection IDs are used when multiplexing connections on the same local IP addresses and ports. Fix #17099
2022-12-17 20:36:43 +00:00
CONVERSATION_QUIC, /* QUIC */
IDN: Fix use of conversation The conversation_new() function last parameter is options, not a place to put a uint parameter like the channel id. Change the call to the conversation_full API in order to do what was intended, and avoid DISSECTOR_ASSERT messages. Only allocate the file scoped configuration data the first time it is encountered, instead of every time a frame is parsed. The message_info is allocated anew and filled in each time the packet is dissected, so that should be pinfo->pool allocated. Related to #16707, #19272
2023-08-11 11:34:44 +00:00
CONVERSATION_IDN,
IPv4: Implementation of conversations with stream identifiers
2023-12-05 14:36:01 +00:00
CONVERSATION_IP, /* IP */
IPv6: Implementation of conversations with stream identifiers
2024-02-15 07:04:41 +00:00
CONVERSATION_IPV6, /* IPv6 */
Ethernet: Implementation of conversations with stream identifiers
2024-01-02 07:40:49 +00:00
CONVERSATION_ETH /* ETHERNET */
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
} conversation_type;
/*
* XXX - for now, we just #define these to be the same as the
* corresponding CONVERSATION_ values, for backwards source
* compatibility.
*
* In the long term, we should make this into a separate enum,
* with elements corresponding to conversation types that do
* not have known endpoints removed.
*/
/* Types of conversation endpoints Wireshark knows about. */
#define ENDPOINT_NONE CONVERSATION_NONE
#define ENDPOINT_SCTP CONVERSATION_SCTP
#define ENDPOINT_TCP CONVERSATION_TCP
#define ENDPOINT_UDP CONVERSATION_UDP
#define ENDPOINT_DCCP CONVERSATION_DCCP
#define ENDPOINT_IPX CONVERSATION_IPX
#define ENDPOINT_NCP CONVERSATION_NCP
#define ENDPOINT_EXCHG CONVERSATION_EXCHG
#define ENDPOINT_DDP CONVERSATION_DDP
#define ENDPOINT_SBCCS CONVERSATION_SBCCS
#define ENDPOINT_IDP CONVERSATION_IDP
#define ENDPOINT_TIPC CONVERSATION_TIPC
#define ENDPOINT_USB CONVERSATION_USB
#define ENDPOINT_I2C CONVERSATION_I2C
#define ENDPOINT_IBQP CONVERSATION_IBQP
#define ENDPOINT_BLUETOOTH CONVERSATION_BLUETOOTH
#define ENDPOINT_TDMOP CONVERSATION_TDMOP
#define ENDPOINT_DVBCI CONVERSATION_DVBCI
#define ENDPOINT_ISO14443 CONVERSATION_ISO14443
#define ENDPOINT_ISDN CONVERSATION_ISDN
#define ENDPOINT_H223 CONVERSATION_H223
#define ENDPOINT_X25 CONVERSATION_X25
#define ENDPOINT_IAX2 CONVERSATION_IAX2
#define ENDPOINT_DLCI CONVERSATION_DLCI
#define ENDPOINT_ISUP CONVERSATION_ISUP
#define ENDPOINT_BICC CONVERSATION_BICC
#define ENDPOINT_GSMTAP CONVERSATION_GSMTAP
#define ENDPOINT_IUUP CONVERSATION_IUUP
#define ENDPOINT_DVBBBF CONVERSATION_DVBBBF
#define ENDPOINT_IWARP_MPA CONVERSATION_IWARP_MPA
#define ENDPOINT_BT_UTP CONVERSATION_BT_UTP
#define ENDPOINT_LOG CONVERSATION_LOG
Add Management Component Transport Protocol (MCTP) dissector This change adds a protocol dissector for the Management Component Transport Protocol (MCTP). This is a failry simple datagram-based protocol for messaging between components within a single platform, typically over I2C, serial or PCIe. This dissector just implements the header fields, and sequence-number based message reassembly. Inner protocols will be added as follow-up changes. Linux has support for AF_MCTP data, so decode from the MCTP SLL ltype. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
2021-10-28 01:01:06 +00:00
#define ENDPOINT_MCTP CONVERSATION_MCTP
Add NVMe Management Interface (NVMe-MI) dissector This change adds a small dissector for the NVMe-MI protocol, typically for tunelling Administration commands over an MCTP (over I2C) channel. We just decode the request and response headers, and leave the payload as raw data. Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
2021-10-28 01:02:47 +00:00
#define ENDPOINT_NVME_MI CONVERSATION_NVME_MI
SNMP/UDP: SNMP is walking on UDP conversation/stream ID
2022-12-15 23:35:48 +00:00
#define ENDPOINT_SNMP CONVERSATION_SNMP
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
typedef conversation_type endpoint_type;
Add conversation endpoint type For the moment this mirrors the port_type enumeration (PT_XXX), but the intent is to move away from using "port types", eliminating most (if not all) Added conversation_pt_to_endpoint_type() so that conversations deal with the correct enumeration. This is for dissector that use pinfo->ptype as input to conversation APIs. Explicit use of port types are converted to using ENDPOINT_XXX type. Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef Reviewed-on: https://code.wireshark.org/review/24166 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-29 14:12:59 +00:00
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* Conversation element type.
Export the data structure used to represent a conversation. Replace "add_to_conversation()" with: "conversation_new()", which creates a new conversation, given source and destination addresses and ports, and returns a pointer to the structure for the conversation; "find_conversation()", which tries to find a conversation for given source and destination addresses and ports, and returns a pointer to the structure for the conversation if found, and a null pointer if not found. Add a private data pointer field to the conversation structure, and have "conversation_new()" take an argument that specifies what to set that pointer to; that lets clients of the conversation code hang arbitrary data off the conversation (e.g., a hash table of protocol requests and replies, in case the protocol is a request/reply protocol wherein the reply doesn't say what type of request it's a reply to, and you need that information to dissect the reply). svn path=/trunk/; revision=920
1999-10-24 07:27:20 +00:00
*/
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
typedef enum {
Falco bridge: Syscall conversation updates Add a pinfo conversation filter which enables related packets based on (container.id, proc.id) combinations. Register the "Process" conversation filter first so that the "Go" menu behavior matches the related packet display. Handle cases where container.id is missing. Add 64-bit integer type support to conversations.
2024-02-05 22:08:39 +00:00
CE_CONVERSATION_TYPE, /* CONVERSATION_ value */
CE_ADDRESS, /* address */
CE_PORT, /* unsigned integer representing a port */
CE_STRING, /* string */
CE_UINT, /* unsigned integer not representing a port */
CE_UINT64, /* 64-bit unsigned integer */
CE_INT, /* signed integer */
CE_INT64, /* signed integer */
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
} conversation_element_type;
/**
conversation: give more details of the various conversation keys. Give details about the conversation elements key and the pair of address/port endpoints key, including a bunch of XXX comments about how this should perhaps be cleaned up.
2022-08-30 09:07:59 +00:00
* Elements used to identify conversations for *_full routines and
* pinfo->conv_elements.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* Arrays must be terminated with an element .type set to CE_CONVERSATION_TYPE.
conversation: give more details of the various conversation keys. Give details about the conversation elements key and the pair of address/port endpoints key, including a bunch of XXX comments about how this should perhaps be cleaned up.
2022-08-30 09:07:59 +00:00
*
* This is currently set only by conversation_set_elements_by_id(); it
* is not set for conversations identified by address/port endpoints.
*
* In find_conversation_pinfo() and find_or_create_conversation(), if
* any dissector has set this, then, unless some dissector has set the
* pair of address/port endpoints (see below), the array of elements
* is used to look up or create the conversation. Otherwise, the
* current addresses and ports in the packet_info structure are used.
*
* XXX - is there any reason why we shouldn't use an array of conversation
* elements, with the appropriate addresses and ports, and set it for
* all protocols that use conversations specified by a pair of address/port
* endpoints? That might simplify find_conversation_pinfo() by having
* them always use the array of elements if it's present, and just fail if
* it's not.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
*/
typedef struct conversation_element {
conversation_element_type type;
union {
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
conversation_type conversation_type_val;
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
address addr_val;
unsigned int port_val;
const char *str_val;
unsigned int uint_val;
uint64_t uint64_val;
conversation: Add CE_INT Add a plain integer conversation element type.
2023-01-25 22:52:20 +00:00
int int_val;
Falco bridge: Syscall conversation updates Add a pinfo conversation filter which enables related packets based on (container.id, proc.id) combinations. Register the "Process" conversation filter first so that the "Go" menu behavior matches the related packet display. Handle cases where container.id is missing. Add 64-bit integer type support to conversations.
2024-02-05 22:08:39 +00:00
int64_t int64_val;
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
};
} conversation_element_t;
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
* Data structure representing a conversation.
*/
Export the data structure used to represent a conversation. Replace "add_to_conversation()" with: "conversation_new()", which creates a new conversation, given source and destination addresses and ports, and returns a pointer to the structure for the conversation; "find_conversation()", which tries to find a conversation for given source and destination addresses and ports, and returns a pointer to the structure for the conversation if found, and a null pointer if not found. Add a private data pointer field to the conversation structure, and have "conversation_new()" take an argument that specifies what to set that pointer to; that lets clients of the conversation code hang arbitrary data off the conversation (e.g., a hash table of protocol requests and replies, in case the protocol is a request/reply protocol wherein the reply doesn't say what type of request it's a reply to, and you need that information to dissect the reply). svn path=/trunk/; revision=920
1999-10-24 07:27:20 +00:00
typedef struct conversation {
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
struct conversation *next; /** pointer to next conversation on hash chain */
struct conversation *last; /** pointer to the last conversation on hash chain */
struct conversation *latest_found; /** pointer to the last conversation on hash chain */
guint32 conv_index; /** unique ID for conversation */
guint32 setup_frame; /** frame number that setup this conversation */
/* Assume that setup_frame is also the lowest frame number for now. */
guint32 last_frame; /** highest frame number in this conversation */
wmem_tree_t *data_list; /** list of data associated with conversation */
wmem_tree_t *dissector_tree; /** tree containing protocol dissector client associated with conversation */
guint options; /** wildcard flags */
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
conversation_element_t *key_ptr; /** Keys are conversation element arrays terminated with a CE_CONVERSATION_TYPE */
Export the data structure used to represent a conversation. Replace "add_to_conversation()" with: "conversation_new()", which creates a new conversation, given source and destination addresses and ports, and returns a pointer to the structure for the conversation; "find_conversation()", which tries to find a conversation for given source and destination addresses and ports, and returns a pointer to the structure for the conversation if found, and a null pointer if not found. Add a private data pointer field to the conversation structure, and have "conversation_new()" take an argument that specifies what to set that pointer to; that lets clients of the conversation code hang arbitrary data off the conversation (e.g., a hash table of protocol requests and replies, in case the protocol is a request/reply protocol wherein the reply doesn't say what type of request it's a reply to, and you need that information to dissect the reply). svn path=/trunk/; revision=920
1999-10-24 07:27:20 +00:00
} conversation_t;
conversation: give more details of the various conversation keys. Give details about the conversation elements key and the pair of address/port endpoints key, including a bunch of XXX comments about how this should perhaps be cleaned up.
2022-08-30 09:07:59 +00:00
/*
* For some protocols, we store, in the packet_info structure, a pair
* of address/port endpoints, for use by code that might want to
* construct a conversation for that protocol.
*
* This appears to have been done in order to allow protocols to save
* that information *without* overwriting the addresses or ports in the
* packet_info structure, so that the other code that uses those values,
* such as the code that fills in the address and port columns in the
* packet summary, will pick up the values put there by protocols such
* as IP and UDP, rather than the values put there by protocols such as
* TDMoP, FCIP, TIPC, and DVB Dynamic Mode Adaptation. See commit
* 66b441f3d63e21949530d672bf1406dea94ed254 and issue #11340.
*
* That is set by conversation_set_conv_addr_port_endpoints().
*
* In find_conversation_pinfo() and find_or_create_conversation(), if
* any dissector has set this, that address/port endpoint pair is used
* to look up or create the conversation.
*
* Prior to 4.0, conversations identified by a single integer value
* (such as a circuit ID) were handled by creating a pair of address/port
* endpoints with null addresses, the first port equal to the integer
* value, the second port missing, and a port type being an ENDPOINT_
* type specifying the protocol for the conversation. Now we use an
* array of elements, with a CE_UINT value for the integer followed
* by a CE_CONVERSATION_TYPE value specifying the protocol for the
IPv4: Implementation of conversations with stream identifiers
2023-12-05 14:36:01 +00:00
* conversation.
conversation: give more details of the various conversation keys. Give details about the conversation elements key and the pair of address/port endpoints key, including a bunch of XXX comments about how this should perhaps be cleaned up.
2022-08-30 09:07:59 +00:00
*
* XXX - is there any reason why we shouldn't use an array of conversation
* elements, with the appropriate addresses and ports, instead of this
* structure? It would at least simplify find_conversation_pinfo() and
* find_or_create_conversation().
*/
conversation: speak of the "conversation key" as just address/port endpoints. It's not a general key for looking up arbitrary conversations - that's what an array of conversation elements is for - it's just a pair of address/port endpoints. (It's not even hijacked for conversations identified by a circuit ID any more.)
2022-08-30 02:19:59 +00:00
struct conversation_addr_port_endpoints;
typedef struct conversation_addr_port_endpoints* conversation_addr_port_endpoints_t;
Add ability to create endpoints through conversations Add endpoint information to the packet_info structure for dissectors to potentially use as their data to create conversations. This patch includes a simple "example" of using conversation_create_endpoint with TDMoP. The assignment of the PT_TDMOP "port type" has been replaced by setting ENDPOINT_TDMOP within the endpoint structure. Then when subdissectors of TDMoP call find_or_create_conversation(), it implicitly picks up the conversation information set by TDMoP Change-Id: I11dc29989cccd3b0f0349ee901babb455ca02d19 Reviewed-on: https://code.wireshark.org/review/24190 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Andrew Chernyh <andrew.chernyh@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-30 19:57:34 +00:00
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
WS_DLL_PUBLIC const address* conversation_key_addr1(const conversation_element_t *key);
WS_DLL_PUBLIC guint32 conversation_key_port1(const conversation_element_t *key);
WS_DLL_PUBLIC const address* conversation_key_addr2(const conversation_element_t *key);
WS_DLL_PUBLIC guint32 conversation_key_port2(const conversation_element_t *key);
Privatize the conversation_key structure The intention is to make it more transparent when making a switch to an "endpoint" over address/port combination. Change-Id: Ic424c32095ecb103bcb4f7f4079c549de2c8d9c4 Reviewed-on: https://code.wireshark.org/review/24148 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-28 17:26:51 +00:00
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
Convert conversation hash tables to use wmem. Simplifies cleanup because wmem can handle the memory cleanup. Change-Id: Idc6a9bfe5f23c83b59a5278a64b9fb706862342d Reviewed-on: https://code.wireshark.org/review/20042 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-09 17:28:14 +00:00
* Create a new hash tables for conversations.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*/
Convert conversation hash tables to use wmem. Simplifies cleanup because wmem can handle the memory cleanup. Change-Id: Idc6a9bfe5f23c83b59a5278a64b9fb706862342d Reviewed-on: https://code.wireshark.org/review/20042 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-09 17:28:14 +00:00
extern void conversation_init(void);
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
* Initialize some variables every time a file is loaded or re-loaded.
*/
Convert conversation hash tables to use wmem. Simplifies cleanup because wmem can handle the memory cleanup. Change-Id: Idc6a9bfe5f23c83b59a5278a64b9fb706862342d Reviewed-on: https://code.wireshark.org/review/20042 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-02-09 17:28:14 +00:00
extern void conversation_epan_reset(void);
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
* Create a new conversation identified by a list of elements.
* @param setup_frame The first frame in the conversation.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param elements An array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @return The new conversation.
*/
WS_DLL_PUBLIC WS_RETNONNULL conversation_t *conversation_new_full(const guint32 setup_frame, conversation_element_t *elements);
/**
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
* Given two address/port pairs for a packet, create a new conversation
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* identified by address/port pairs.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*
* The options field is used to specify whether the address 2 value
* and/or port 2 value are not given and any value is acceptable
epan: Check for null addresses in find_conversation. Make sure we don't pass null address pointers to conversation_lookup_*. Fixes #18126.
2022-06-06 00:56:06 +00:00
* when searching for this conversation. Null address values will
* be replaced with empty (AT_NONE) addresses.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
*
* @param setup_frame The first frame in the conversation.
* @param addr1 The first address in the identifying tuple.
* @param addr2 The second address in the identifying tuple.
conversation: fix some comments.
2022-08-26 07:10:01 +00:00
* @param ctype The conversation type.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @param port1 The first port in the identifying tuple.
* @param port2 The second port in the identifying tuple.
* @param options NO_ADDR2, NO_PORT2, NO_PORT2_FORCE, or CONVERSATION_TEMPLATE.
* Options except for NO_PORT2 and NO_PORT2_FORCE can be ORed.
* @return The new conversation.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*/
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
WS_DLL_PUBLIC WS_RETNONNULL conversation_t *conversation_new(const guint32 setup_frame, const address *addr1, const address *addr2,
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
const conversation_type ctype, const guint32 port1, const guint32 port2, const guint options);
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC WS_RETNONNULL conversation_t *conversation_new_by_id(const guint32 setup_frame, const conversation_type ctype, const guint32 id);
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
* Search for a conversation based on the structure and values of an element list.
* @param frame_num Frame number. Must be greater than or equal to the conversation's initial frame number.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param elements An array of element types and values. Must not be NULL. Must be terminated with a CE_CONVERSATION_TYPE element.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @return The matching conversation if found, otherwise NULL.
*/
WS_DLL_PUBLIC conversation_t *find_conversation_full(const guint32 frame_num, conversation_element_t *elements);
DVB-CI: Convert circuit API to conversation API Add the few necessary conversation APIs to make conversion possible. Change-Id: I775f23005c48cacd2be342bdc704af4738f0789c Reviewed-on: https://code.wireshark.org/review/24310 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-09 01:02:06 +00:00
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
* Given two address/port pairs for a packet, search for a conversation
* containing packets between those address/port pairs. Returns NULL if
* not found.
*
* We try to find the most exact match that we can, and then proceed to
* try wildcard matches on the "addr_b" and/or "port_b" argument if a more
* exact match failed.
*
* Either or both of the "addr_b" and "port_b" arguments may be specified as
* a wildcard by setting the NO_ADDR_B or NO_PORT_B flags in the "options"
* argument. We do only wildcard matches on addresses and ports specified
* as wildcards.
*
* I.e.:
*
* if neither "addr_b" nor "port_b" were specified as wildcards, we
* do an exact match (addr_a/port_a and addr_b/port_b) and, if that
* succeeds, we return a pointer to the matched conversation;
*
* otherwise, if "port_b" wasn't specified as a wildcard, we try to
* match any address 2 with the specified port 2 (addr_a/port_a and
* {any}/addr_b) and, if that succeeds, we return a pointer to the
* matched conversation;
*
* otherwise, if "addr_b" wasn't specified as a wildcard, we try to
* match any port 2 with the specified address 2 (addr_a/port_a and
* addr_b/{any}) and, if that succeeds, we return a pointer to the
* matched conversation;
*
* otherwise, we try to match any address 2 and any port 2
* (addr_a/port_a and {any}/{any}) and, if that succeeds, we return
* a pointer to the matched conversation;
*
* otherwise, we found no matching conversation, and return NULL.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
*
epan: Check for null addresses in find_conversation. Make sure we don't pass null address pointers to conversation_lookup_*. Fixes #18126.
2022-06-06 00:56:06 +00:00
* Null address values will be replaced with empty (AT_NONE) addresses.
*
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @param frame_num Frame number. Must be greater than or equal to the conversation's initial frame number.
conversation(.h): Fix -Wdocumentation
2022-05-25 04:57:11 +00:00
* @param addr_a The first address in the identifying tuple.
* @param addr_b The second address in the identifying tuple.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param ctype The conversation type.
conversation(.h): Fix -Wdocumentation
2022-05-25 04:57:11 +00:00
* @param port_a The first port in the identifying tuple.
* @param port_b The second port in the identifying tuple.
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
* @param options Wildcard options as described above.
* @return The matching conversation if found, otherwise NULL.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*/
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC conversation_t *find_conversation(const guint32 frame_num, const address *addr_a, const address *addr_b,
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
const conversation_type ctype, const guint32 port_a, const guint32 port_b, const guint options);
Uwe Girlich's ONC RPC and NFS dissectors. svn path=/trunk/; revision=945
1999-10-29 01:04:44 +00:00
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC conversation_t *find_conversation_by_id(const guint32 frame, const conversation_type ctype, const guint32 id);
DVB-CI: Convert circuit API to conversation API Add the few necessary conversation APIs to make conversion possible. Change-Id: I775f23005c48cacd2be342bdc704af4738f0789c Reviewed-on: https://code.wireshark.org/review/24310 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-09 01:02:06 +00:00
Add find_conversation_pinfo Convenience function to add the same parameters to find_conversation as find_or_create_conversation. Change-Id: I3a92541cb9c1e827a9de8248825636debbd989cd Reviewed-on: https://code.wireshark.org/review/24118 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-27 20:39:50 +00:00
/** A helper function that calls find_conversation() using data from pinfo
* The frame number and addresses are taken from pinfo.
*/
WS_DLL_PUBLIC conversation_t *find_conversation_pinfo(packet_info *pinfo, const guint options);
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
/**
* A helper function that calls find_conversation() and, if a conversation is
* not found, calls conversation_new().
* The frame number and addresses are taken from pinfo.
* No options are used, though we could extend this API to include an options
* parameter.
*
* @param pinfo Packet info.
* @return The existing or new conversation.
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
*/
epan: Allow conversations based on arbitrary element lists. Add conversation_new_full and find_conversation_full, which take arbitrary element lists instead of fixed addresses and ports. Update the comments in conversation.h to be more Doxygen-conformant. Update README.dissector. Use the new functionality to add initial conversation support to the Falco Bridge dissector.
2022-05-11 00:03:31 +00:00
WS_DLL_PUBLIC WS_RETNONNULL conversation_t *find_or_create_conversation(packet_info *pinfo);
As suggested in http://www.wireshark.org/lists/wireshark-dev/200809/msg00075.html (as referenced in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2907 ) and https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3411 : Write a new convenience routine for finding a conversation and, if it is not found, create it. The frame number and addresses are taken from pinfo (as is the common case). Use this function in a bunch of dissectors. svn path=/trunk/; revision=32790
2010-05-13 18:28:34 +00:00
Revert "Have find_or_create_conversation() use pinfo->conv_endpoint if present." This reverts commit ba202ef36225b59eb797c5a48b8d4a4665b479c7. Creating endpoints, and corresponding conversations, for protocols atop which TCP or UDP runs can potentially cause attempts to look up the conversation to find the conversation for that protocol rather than for TCP/UDP, which can confuse protocols running atop TCP or UDP. Change-Id: I3ca522e54e67cc4f996d0ee841c6bb40ee6a9976 Reviewed-on: https://code.wireshark.org/review/28912 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-08-01 02:55:13 +00:00
/** A helper function that calls find_conversation_by_id() and, if a
* conversation is not found, calls conversation_new_by_id().
* The frame number is taken from pinfo.
*/
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC WS_RETNONNULL conversation_t *find_or_create_conversation_by_id(packet_info *pinfo, const conversation_type ctype, const guint32 id);
Revert "Have find_or_create_conversation() use pinfo->conv_endpoint if present." This reverts commit ba202ef36225b59eb797c5a48b8d4a4665b479c7. Creating endpoints, and corresponding conversations, for protocols atop which TCP or UDP runs can potentially cause attempts to look up the conversation to find the conversation for that protocol rather than for TCP/UDP, which can confuse protocols running atop TCP or UDP. Change-Id: I3ca522e54e67cc4f996d0ee841c6bb40ee6a9976 Reviewed-on: https://code.wireshark.org/review/28912 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-08-01 02:55:13 +00:00
epan: Add a null conversation checks. Check for null conversations in conversation_add_proto_data, conversation_get_proto_data, and conversation_delete_proto_data. Document them as well. Ping #18043.
2022-04-19 17:13:42 +00:00
/** Associate data with a conversation.
* @param conv Conversation. Must not be NULL.
* @param proto Protocol ID.
* @param proto_data Pointer to the data to associate.
*/
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
WS_DLL_PUBLIC void conversation_add_proto_data(conversation_t *conv, const int proto, void *proto_data);
epan: Add a null conversation checks. Check for null conversations in conversation_add_proto_data, conversation_get_proto_data, and conversation_delete_proto_data. Document them as well. Ping #18043.
2022-04-19 17:13:42 +00:00
/** Fetch data associated with a conversation.
* @param conv Conversation. Must not be NULL.
* @param proto Protocol ID.
* @return The data previously set with conversation_add_proto_data, otherwise NULL.
*/
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC void *conversation_get_proto_data(const conversation_t *conv, const int proto);
epan: Add a null conversation checks. Check for null conversations in conversation_add_proto_data, conversation_get_proto_data, and conversation_delete_proto_data. Document them as well. Ping #18043.
2022-04-19 17:13:42 +00:00
/** Remove data associated with a conversation.
* @param conv Conversation. Must not be NULL.
* @param proto Protocol ID.
*/
Export libwireshark symbols using WS_DLL_PUBLIC define Also remove old WS_VAR_IMPORT define and related Makefile magic everywhere in the project. svn path=/trunk/; revision=47992
2013-03-01 23:53:11 +00:00
WS_DLL_PUBLIC void conversation_delete_proto_data(conversation_t *conv, const int proto);
Instead of having a single datum attached to a conversation, have a list of protocol-id-plus-datum pairs, so that multiple protocols can attach information to the same conversation. Dissectors that attach information to a conversation should not assume that if they find a conversation it has one of its data attached to it; the conversation might've been created by another dissector. svn path=/trunk/; revision=3901
2001-09-03 10:33:12 +00:00
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
WS_DLL_PUBLIC void conversation_set_dissector(conversation_t *conversation, const dissector_handle_t handle);
STUN: register a new conversation dissector after receiving a ConnectionBind Success Response message According to RFC 6062, once the connection is established, data is sent as-is To stop the STUN dissector from interfering, add the ability to specify a starting frame for a conversation dissector and use it Bug: 11641 Change-Id: I65ca96bddacf70444009c0642ea22173fa68992e Reviewed-on: https://code.wireshark.org/review/11372 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-10-28 21:32:17 +00:00
WS_DLL_PUBLIC void conversation_set_dissector_from_frame_number(conversation_t *conversation,
const guint32 starting_frame_num, const dissector_handle_t handle);
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
WS_DLL_PUBLIC dissector_handle_t conversation_get_dissector(conversation_t *conversation, const guint32 frame_num);
STUN: register a new conversation dissector after receiving a ConnectionBind Success Response message According to RFC 6062, once the connection is established, data is sent as-is To stop the STUN dissector from interfering, add the ability to specify a starting frame for a conversation dissector and use it Bug: 11641 Change-Id: I65ca96bddacf70444009c0642ea22173fa68992e Reviewed-on: https://code.wireshark.org/review/11372 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
2015-10-28 21:32:17 +00:00
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
/**
conversation: speak of the "conversation key" as just address/port endpoints. It's not a general key for looking up arbitrary conversations - that's what an array of conversation elements is for - it's just a pair of address/port endpoints. (It's not even hijacked for conversations identified by a circuit ID any more.)
2022-08-30 02:19:59 +00:00
* Save address+port information in the current packet info; it can be matched
* by find_conversation_pinfo or find_conversation.
Rename routines that talk about conversation keys to talk about elements. And change them to say "set" rather than "create"; they do more than just allocate an array of conversation elements, they stuff a pointer to that array into pinfo, which may affect what other dissectors do.
2022-08-26 05:37:19 +00:00
* Supports wildcarding.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param pinfo Packet info.
* @param addr1 The first address in the identifying tuple.
* @param addr2 The second address in the identifying tuple.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param ctype The conversation type.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param port1 The first port in the identifying tuple.
* @param port2 The second port in the identifying tuple.
*/
conversation: speak of the "conversation key" as just address/port endpoints. It's not a general key for looking up arbitrary conversations - that's what an array of conversation elements is for - it's just a pair of address/port endpoints. (It's not even hijacked for conversations identified by a circuit ID any more.)
2022-08-30 02:19:59 +00:00
WS_DLL_PUBLIC void conversation_set_conv_addr_port_endpoints(struct _packet_info *pinfo, address* addr1, address* addr2,
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
conversation_type ctype, guint32 port1, guint32 port2);
Add ability to create endpoints through conversations Add endpoint information to the packet_info structure for dissectors to potentially use as their data to create conversations. This patch includes a simple "example" of using conversation_create_endpoint with TDMoP. The assignment of the PT_TDMOP "port type" has been replaced by setting ENDPOINT_TDMOP within the endpoint structure. Then when subdissectors of TDMoP call find_or_create_conversation(), it implicitly picks up the conversation information set by TDMoP Change-Id: I11dc29989cccd3b0f0349ee901babb455ca02d19 Reviewed-on: https://code.wireshark.org/review/24190 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Andrew Chernyh <andrew.chernyh@gmail.com> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-30 19:57:34 +00:00
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
/**
Rename routines that talk about conversation keys to talk about elements. And change them to say "set" rather than "create"; they do more than just allocate an array of conversation elements, they stuff a pointer to that array into pinfo, which may affect what other dissectors do.
2022-08-26 05:37:19 +00:00
* Save conversation elements including ID information in the current
* packet info which can be matched by conversation_get_id_from_elements.
* Does not support wildcarding.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param pinfo Packet info.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param ctype The conversation type.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param id A unique ID.
*/
Rename routines that talk about conversation keys to talk about elements. And change them to say "set" rather than "create"; they do more than just allocate an array of conversation elements, they stuff a pointer to that array into pinfo, which may affect what other dissectors do.
2022-08-26 05:37:19 +00:00
WS_DLL_PUBLIC void conversation_set_elements_by_id(struct _packet_info *pinfo,
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
conversation_type ctype, guint32 id);
Remove circuit API Replace with conversation API that limits the "endpoint" to a single uint32 value. The intention is to eventually have "layered" endpoints, because circuit_id was used in cases where src/dest port have already been populated (and are used for layers above). Those src/dest ports should just be treated as just another endpoint, but we currently only have support for one. Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960 Reviewed-on: https://code.wireshark.org/review/24369 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-11 22:16:13 +00:00
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
/**
Rename routines that talk about conversation keys to talk about elements. And change them to say "set" rather than "create"; they do more than just allocate an array of conversation elements, they stuff a pointer to that array into pinfo, which may affect what other dissectors do.
2022-08-26 05:37:19 +00:00
* @brief Get the ID value from the conversation elements in the packet info.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param pinfo Packet info.
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* @param ctype The conversation type.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
* @param options USE_LAST_ENDPOINT or 0.
conversation: fix some comments.
2022-08-26 07:10:01 +00:00
* @return The ID value from the elements if successful, or 0
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
* on failure.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
*/
Rename routines that talk about conversation keys to talk about elements. And change them to say "set" rather than "create"; they do more than just allocate an array of conversation elements, they stuff a pointer to that array into pinfo, which may affect what other dissectors do.
2022-08-26 05:37:19 +00:00
WS_DLL_PUBLIC guint32 conversation_get_id_from_elements(struct _packet_info *pinfo,
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
conversation_type ctype, const guint options);
Remove circuit API Replace with conversation API that limits the "endpoint" to a single uint32 value. The intention is to eventually have "layered" endpoints, because circuit_id was used in cases where src/dest port have already been populated (and are used for layers above). Those src/dest ports should just be treated as just another endpoint, but we currently only have support for one. Change-Id: Ic6aa7ef0241275aa4dfde9459194369b48c72960 Reviewed-on: https://code.wireshark.org/review/24369 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-11 22:16:13 +00:00
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
/**
* Given two address/port pairs for a packet, search for a matching
* conversation and, if found and it has a conversation dissector,
* call that dissector and return TRUE, otherwise return FALSE.
*
* This helper uses call_dissector_only which will NOT call the default
* "data" dissector if the packet was rejected.
(Trivial) explicitely --> explicitly svn path=/trunk/; revision=54594
2014-01-04 17:29:20 +00:00
* Our caller is responsible to call the data dissector explicitly in case
Doxygen changes. svn path=/trunk/; revision=33981
2010-08-28 19:27:19 +00:00
* this function returns FALSE.
*/
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC gboolean try_conversation_dissector(const address *addr_a, const address *addr_b, const conversation_type ctype,
From Yaniv Kaul: constify parameters https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4422 From me: Fix a number of instances where the function prototype or the function definition wasn't changed so there was a mismatch thus causing Windows (but not gcc) compilation errors. svn path=/trunk/; revision=32365
2010-04-03 18:18:50 +00:00
const guint32 port_a, const guint32 port_b, tvbuff_t *tvb, packet_info *pinfo,
UDP: Heuristic dissector for conversation taking precedence When a single UDP port is supporting multiple protocols, for example RTP and RTCP can share a port, and one of these protocols is detected through a heuristic before a superior protocol (e.g. SIP/SDP) has established that the port has multiple protocols, then only the heuristic is used. This is due to only looking for an exact match with find_conversation() and not going any further. The superior protocol only adds the dissector by source address/port. So, to fix, if we do not find the exact match, we continue serching for a dissector on the partial matches. Bug: 14370 Change-Id: Icdded9ca1637cd594b920f979f6f0a003bef9aae Reviewed-on: https://code.wireshark.org/review/25432 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2018-01-23 10:48:57 +00:00
proto_tree *tree, void* data, const guint options);
Jeff Foster's SOCKS dissector, support for associating dissectors with conversations and having TCP and UDP check whether a packet is part of a conversation with a dissector and, if so, using that dissector on the conversation, and "ethertype()"-style support for allowing a dissector to call a sub-dissector via the same path that the TCP and UDP dissectors use, based on port numbers supplied by that dissector. svn path=/trunk/; revision=1837
2000-04-12 22:53:16 +00:00
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC gboolean try_conversation_dissector_by_id(const conversation_type ctype, const guint32 id, tvbuff_t *tvb,
ISDN: Convert circuit API to conversation API Change-Id: I8752123a740c47f9328e0144624d4fbf4e200165 Reviewed-on: https://code.wireshark.org/review/24314 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-11-09 05:25:43 +00:00
packet_info *pinfo, proto_tree *tree, void* data);
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
/* These routines are used to set undefined values for a conversation */
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
/**
* Set the second port in a conversation created with conversation_new.
* @param conv Conversation. Must be created with conversation_new.
* @param port The second port to set.
*/
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
WS_DLL_PUBLIC void conversation_set_port2(conversation_t *conv, const guint32 port);
Support for conversations with "wildcard" destination addresses, from Jeff Foster. svn path=/trunk/; revision=2523
2000-10-21 05:52:28 +00:00
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
/**
* Set the second address in a conversation created with conversation_new.
* @param conv Conversation. Must be created with conversation_new.
Qt: Adapt sorting for traffic tables Improve sorting for the traffic tables
2022-06-12 11:48:05 +00:00
* @param addr The second address to set.
epan: Convert remaining conversation code to elements. Convert the address+port conversation code to element lists. Make our conversation keys element lists. Document more of the conversation API. Update the Conversation Hash Table dialog to use the new API. Describe an alternative key type and data structure at the top of conversation.c.
2022-05-24 19:33:33 +00:00
*/
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
WS_DLL_PUBLIC void conversation_set_addr2(conversation_t *conv, const address *addr);
Use a better hash algorithm and add a dialouge to get hastable data. svn path=/trunk/; revision=52078
2013-09-15 19:35:10 +00:00
epan+Qt: Add element tables to the ConversationHashTablesDialog. Add get_conversation_hashtables() and use it to populate the conversation hash tables dialog.
2022-05-24 22:31:17 +00:00
/**
* @brief Get a hash table of conversation hash table.
*
* @return A wmem_map_t * of (const char *: wmem_map_t *).
* Each value is a wmem_map_t * of (const conversation_element_t *: void *).
*/
WS_DLL_PUBLIC wmem_map_t *get_conversation_hashtables(void);
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
/* Temporary function to handle port_type to conversation_type conversion
Add conversation endpoint type For the moment this mirrors the port_type enumeration (PT_XXX), but the intent is to move away from using "port types", eliminating most (if not all) Added conversation_pt_to_endpoint_type() so that conversations deal with the correct enumeration. This is for dissector that use pinfo->ptype as input to conversation APIs. Explicit use of port types are converted to using ENDPOINT_XXX type. Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef Reviewed-on: https://code.wireshark.org/review/24166 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-29 14:12:59 +00:00
For now it's a 1-1 mapping, but the intention is to remove
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
many of the port_type instances in favor of conversation_type
epan: Normalize conversation code indentation. Change the indentation of conversation.[ch] to 4 spaces to match conversation_table.[ch] and conversation_filter.[ch].
2022-05-09 16:31:54 +00:00
*/
Rename a bunch of things with "conversation". A conversation in Wireshark might have two endpoints or might have no endpoints; few if any have one endpoint. Distinguish between conversations and endpoints.
2022-08-26 02:42:38 +00:00
WS_DLL_PUBLIC conversation_type conversation_pt_to_conversation_type(port_type pt);
Add conversation endpoint type For the moment this mirrors the port_type enumeration (PT_XXX), but the intent is to move away from using "port types", eliminating most (if not all) Added conversation_pt_to_endpoint_type() so that conversations deal with the correct enumeration. This is for dissector that use pinfo->ptype as input to conversation APIs. Explicit use of port types are converted to using ENDPOINT_XXX type. Change-Id: Ia0bf553a3943b702c921f185407e03ce93ebf0ef Reviewed-on: https://code.wireshark.org/review/24166 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-10-29 14:12:59 +00:00
conversation: bring back conversation_pt_to_endpoint_type(). It may be used by third-party code, and it may be useful on its own, at least for now.
2022-09-02 07:07:53 +00:00
/* Temporary function to handle port_type to endpoint_type conversion
For now it's a 1-1 mapping, but the intention is to remove
many of the port_type instances in favor of endpoint_type
*/
WS_DLL_PUBLIC endpoint_type conversation_pt_to_endpoint_type(port_type pt);
Put #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ ... #ifdef __cplusplus } #endif /* __cplusplus */ wrappers into some header files, for the benefit of C++ plugins. Also, add multiple-include protections. svn path=/trunk/; revision=20485
2007-01-18 18:43:30 +00:00
#ifdef __cplusplus
}
#endif /* __cplusplus */
Uwe Girlich's ONC RPC and NFS dissectors. svn path=/trunk/; revision=945
1999-10-29 01:04:44 +00:00
#endif /* conversation.h */