|
Wireshark 4.5.0
The Wireshark network protocol analyzer
|
| nstime_t _packet_info::abs_ts |
Packet absolute time stamp
| uint16_t _packet_info::can_desegment |
>0 if this segment could be desegmented. A dissector that can offer this API (e.g. TCP) sets can_desegment=2, then can_desegment is decremented by 1 each time we pass to the next subdissector. Thus only the dissector immediately above the protocol which sets the flag can use it
| struct epan_column_info* _packet_info::cinfo |
Column formatting information
| uint16_t _packet_info::clnp_dstref |
clnp/cotp destination reference (can't use dstport, this would confuse tpkt)
| uint16_t _packet_info::clnp_srcref |
clnp/cotp source reference (can't use srcport, this would confuse tpkt)
| struct conversation_addr_port_endpoints* _packet_info::conv_addr_port_endpoints |
Data that can be used for address+port conversations, including wildcarding
| struct conversation_element* _packet_info::conv_elements |
Arbitrary conversation identifier; can't be wildcarded
| uint8_t _packet_info::curr_layer_num |
map of proto_id to curr_proto_layer_num. The current "depth" or layer number in the current frame
| uint8_t _packet_info::curr_proto_layer_num |
The current "depth" or layer number for this dissector in the current frame
| const char* _packet_info::current_proto |
name of protocol currently being dissected
| GSList* _packet_info::data_src |
Frame data sources
| uint32_t _packet_info::desegment_len |
requested desegmentation additional length or DESEGMENT_ONE_MORE_SEGMENT: Desegment one more full segment (warning! only partially implemented) DESEGMENT_UNTIL_FIN: Desegment all data for this tcp session until the FIN segment.
| int _packet_info::desegment_offset |
offset to stuff needing desegmentation
| uint32_t _packet_info::destport |
destination port
| int _packet_info::dissection_depth |
The current "depth" or layer number in the current frame
| address _packet_info::dl_dst |
link-layer destination address
| address _packet_info::dl_src |
link-layer source address
| address _packet_info::dst |
destination address (net if present, DL otherwise )
| int16_t _packet_info::dst_win_scale |
Rcv.Wind.Shift dst applies when sending segments; -1 unknown; -2 disabled
| uint32_t _packet_info::expert_severity |
highest expert severity
| bool _packet_info::fragmented |
true if the protocol is only a fragment
| const char* _packet_info::heur_list_name |
name of heur list if this packet is being heuristically dissected
| uint32_t _packet_info::in_error_pkt |
true if we're inside an {ICMP,CLNP,...} error packet
| uint32_t _packet_info::in_gre_pkt |
true if we're encapsulated inside a GRE packet
| wmem_list_t* _packet_info::layers |
layers of each protocol
| int _packet_info::link_dir |
3GPP messages are sometime different UP link(UL) or Downlink(DL)
| const char* _packet_info::match_string |
matched string for calling subdissector from table
| uint32_t _packet_info::match_uint |
matched uint for calling subdissector from table
| address _packet_info::net_dst |
network-layer destination address
| address _packet_info::net_src |
network-layer source address
| const char* _packet_info::noreassembly_reason |
reason why reassembly wasn't done, if any
| uint32_t _packet_info::num |
Frame number
| int _packet_info::p2p_dir |
Packet was captured as an outbound (P2P_DIR_SENT) inbound (P2P_DIR_RECV) unknown (P2P_DIR_UNKNOWN)
| wmem_allocator_t* _packet_info::pool |
Memory pool scoped to the pinfo struct
| uint32_t _packet_info::presence_flags |
Presence flags for some items
| GHashTable* _packet_info::private_table |
a hash table passed from one dissector to another
| GSList* _packet_info::proto_data |
Per packet proto data
| port_type _packet_info::ptype |
type of the following two port numbers
| wtap_rec* _packet_info::rec |
Record metadata
| nstime_t _packet_info::rel_cap_ts |
Relative timestamp from capture start (might be negative for broken files)
| bool _packet_info::rel_cap_ts_present |
Relative timestamp from capture start valid
| nstime_t _packet_info::rel_ts |
Relative timestamp (yes, it can be negative)
| uint16_t _packet_info::saved_can_desegment |
Value of can_desegment before current dissector was called. Supplied so that dissectors for proxy protocols such as SOCKS can restore it, allowing the dissectors that they call to use the TCP dissector's desegmentation (SOCKS just retransmits TCP segments once it's finished setting things up, so the TCP desegmentor can desegment its payload).
| address _packet_info::src |
source address (net if present, DL otherwise )
| int16_t _packet_info::src_win_scale |
Rcv.Wind.Shift src applies when sending segments; -1 unknown; -2 disabled
| uint32_t _packet_info::srcport |
source port
| uint32_t _packet_info::stream_id |
Conversation Stream ID of the highest protocol
| bool _packet_info::use_conv_addr_port_endpoints |
true if address/port endpoints member should be used for conversations
| uint32_t _packet_info::vlan_id |
First encountered VLAN Id if present otherwise 0
| uint16_t _packet_info::want_pdu_tracking |
>0 if the subdissector has specified a value in 'bytes_until_next_pdu'. When a dissector detects that the next PDU will start beyond the start of the next segment, it can set this value to 2 and 'bytes_until_next_pdu' to the number of bytes beyond the next segment where the next PDU starts.
If the protocol dissector below this one is capable of PDU tracking it can use this hint to detect PDUs that starts unaligned to the segment boundaries. The TCP dissector is using this hint from (some) protocols to detect when a new PDU starts in the middle of a tcp segment.
There is intelligence in the glue between dissector layers to make sure that this request is only passed down to the protocol immediately below the current one and not any further.