Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-udp.h
1 /* packet-udp.h
2  *
3  * Wireshark - Network traffic analyzer
4  * By Gerald Combs <gerald@wireshark.org>
5  * Copyright 1998 Gerald Combs
6  *
7  *
8  * SPDX-License-Identifier: GPL-2.0-or-later
9  */
10 
11 #ifndef __PACKET_UDP_H__
12 #define __PACKET_UDP_H__
13 
14 #include "ws_symbol_export.h"
15 
16 #include <epan/conversation.h>
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21 
/* UDP structs and definitions */

/*
 * UDP header values together with a source and a destination address
 * (ip_src, ip_dst).
 *
 * Field names follow the usual BSD udphdr convention (sport/dport/ulen/sum).
 * uh_ulen and uh_sum_cov are declared as 32-bit values, while the ports and
 * the checksum are 16-bit.
 *
 * NOTE(review): presumably these values are filled in from captured traffic;
 * if so they are sender-controlled. Consumers should not use uh_ulen or
 * uh_sum_cov as a buffer length or copy size without checking it against
 * the data actually available - confirm in the code that fills this struct.
 *
 * NOTE(review): the lifetime of whatever ip_src/ip_dst refer to is not
 * visible from this header; confirm it before keeping an e_udphdr beyond
 * the packet being dissected.
 */
typedef struct _e_udphdr {
    guint16 uh_sport;   /* presumably the source port */
    guint16 uh_dport;   /* presumably the destination port */
    guint32 uh_ulen;    /* presumably the UDP length; wider than the ports - TODO confirm why */
    guint32 uh_sum_cov; /* presumably the checksum coverage length - TODO confirm */
    guint16 uh_sum;     /* presumably the checksum value */
    guint32 uh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */
    address ip_src;
    address ip_dst;
} e_udphdr;
33 
/* Conversation and process structures originally copied from packet-tcp.c */

/*
 * Process information for one direction of a UDP conversation
 * (struct udp_analysis holds two of these, flow1 and flow2).
 *
 * NOTE(review): per the comment below, the values are discovered via IPFIX,
 * i.e. they come from data in the capture rather than from the local host.
 * Treat username and command as untrusted text when displaying, logging or
 * exporting them, and do not assume uid/pid describe a process on the
 * machine running the analyzer.
 *
 * NOTE(review): who allocates and frees username/command is not visible
 * from this header - confirm against add_udp_process_info().
 */
typedef struct _udp_flow_t {
    /* Process info, currently discovered via IPFIX */
    guint32 process_uid; /* UID of local process */
    guint32 process_pid; /* PID of local process */
    gchar *username; /* Username of the local process */
    gchar *command; /* Local process name + path + args */
} udp_flow_t;
42 
/*
 * Per-conversation UDP state: the two per-direction flow records, pointers
 * selecting which of them is "forward" for the current packet, the stream
 * number and two timestamps used for relative and delta times.
 */
struct udp_analysis {
    /* These two structs are managed based on comparing the source
     * and destination addresses and, if they're equal, comparing
     * the source and destination ports.
     *
     * If the source is greater than the destination, then stuff
     * sent from src is in ual1.
     *
     * If the source is less than the destination, then stuff
     * sent from src is in ual2.
     *
     * XXX - if the addresses and ports are equal, we don't guarantee
     * the behavior.
     *
     * NOTE(review): "ual1"/"ual2" are not members of this struct;
     * presumably flow1/flow2 are meant, in that order - confirm against
     * get_udp_conversation_data().
     *
     * NOTE(review): a packet whose source and destination address and port
     * are identical falls into the unguaranteed case above. Such a packet
     * can appear in a capture, so code that attributes process info to a
     * direction via fwd/rev should not assume the split is meaningful then.
     */
    udp_flow_t flow1;
    udp_flow_t flow2;

    /* These pointers are set by get_udp_conversation_data():
     * fwd points in the same direction as the current packet
     * and rev in the reverse direction.
     * NOTE(review): they are presumably only meaningful for the packet
     * most recently passed to that function - confirm before caching them.
     */
    udp_flow_t *fwd;
    udp_flow_t *rev;

    /* Keep track of udp stream numbers instead of using the conversation
     * index (as how it was done before). This prevents gaps in the
     * stream index numbering
     */
    guint32 stream;

    /* Remember the timestamp of the first frame seen in this udp
     * conversation to be able to calculate a relative time compared
     * to the start of this conversation
     */
    nstime_t ts_first;

    /* Remember the timestamp of the frame that was last seen in this
     * udp conversation to be able to calculate a delta time compared
     * to previous frame in this conversation
     */
    nstime_t ts_prev;
};
85 
/*
 * Record process information (uid, pid, username, command) for the UDP
 * flow identified by the given local/remote address and port pair.
 * NOTE(review): summary inferred from the name and parameter list; this
 * listing appears to omit the original doc comment - confirm against the
 * source file.
 *
 * Declared plain "extern", unlike the WS_DLL_PUBLIC functions below.
 *
 * @param frame_num   frame number (presumably of the frame carrying the
 *                    process information - TODO confirm)
 * @param local_addr  local address of the flow
 * @param remote_addr remote address of the flow
 * @param local_port  local port of the flow
 * @param remote_port remote port of the flow
 * @param uid         value for udp_flow_t.process_uid (presumably)
 * @param pid         value for udp_flow_t.process_pid (presumably)
 * @param username    value for udp_flow_t.username (presumably)
 * @param command     value for udp_flow_t.command (presumably)
 *
 * NOTE(review): whether username/command are copied or the pointers are
 * stored is not visible here; callers passing strings taken from packet
 * data should confirm the ownership rule and treat the text as untrusted.
 */
extern void
add_udp_process_info(guint32 frame_num, address *local_addr, address *remote_addr,
    guint16 local_port, guint16 remote_port,
    guint32 uid, guint32 pid,
    gchar *username, gchar *command);
103 
/*
 * Return a UDP stream count as an unsigned 32-bit value.
 * NOTE(review): presumably the number of UDP streams seen so far, matching
 * the "stream" numbering kept in struct udp_analysis - confirm against the
 * definition.
 */
WS_DLL_PUBLIC guint32
get_udp_stream_count(void);
110 
/*
 * Exported entry point taking a tvbuff, packet info, a protocol tree and
 * four int arguments.
 *
 * NOTE(review): this declaration carries no parameter names, and four of
 * the seven parameters share the type int, so the compiler cannot catch
 * arguments passed in the wrong order. Check the definition for the
 * meaning and order of the int arguments before calling; naming the
 * parameters here would make misuse easier to spot in review.
 */
WS_DLL_PUBLIC void
decode_udp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, int);
113 
/*
 * Return the struct udp_analysis for a conversation. According to the
 * comment inside struct udp_analysis, this function also sets its fwd/rev
 * pointers relative to the current packet.
 *
 * NOTE(review): whether this can return NULL, and whether it creates the
 * data when none exists yet, is not visible from this header; callers
 * should check the result before dereferencing it - confirm against the
 * definition.
 */
WS_DLL_PUBLIC struct udp_analysis *
get_udp_conversation_data(conversation_t *, packet_info *);
116 
/*
 * Loop for dissecting PDUs within a UDP packet; similar to tcp_dissect_pdus,
 * but doesn't have stream support. Assumes that a PDU consists of a
 * fixed-length chunk of data that contains enough information
 * to determine the length of the PDU, followed by the rest of the PDU.
 *
 * @param tvb the tvbuff with the (remaining) packet data passed to dissector
 * @param pinfo the packet info of this packet (additional info) passed to dissector
 * @param tree the protocol tree to be built or NULL passed to dissector
 * @param fixed_len is the length of the fixed-length part of the PDU.
 * @param heuristic_check is the optional routine called to see if dissection
 * should be done; it's passed "pinfo", "tvb", "offset" and "dissector_data".
 * @param get_pdu_len is a routine called to get the length of the PDU from
 * the fixed-length part of the PDU; it's passed "pinfo", "tvb", "offset" and
 * "dissector_data".
 * @param dissect_pdu the sub-dissector to be called
 * @param dissector_data parameter to pass to subdissector
 *
 * NOTE(review): the int return value is not documented here; presumably it
 * is the number of bytes consumed - confirm against the definition.
 *
 * NOTE(review): the value returned by get_pdu_len is computed from packet
 * contents and is therefore sender-controlled. A get_pdu_len callback
 * should read only within the fixed_len bytes starting at "offset", and
 * dissect_pdu should not trust that length beyond what the tvbuff it is
 * handed actually contains. How this loop treats a returned length of 0
 * or one smaller than fixed_len is not visible from this header - confirm
 * before relying on it.
 */
WS_DLL_PUBLIC int
udp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
    guint fixed_len,
    gboolean (*heuristic_check)(packet_info *, tvbuff_t *, int, void*),
    guint (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*),
    dissector_t dissect_pdu, void* dissector_data);
141 
142 #ifdef __cplusplus
143 }
144 #endif /* __cplusplus */
145 
146 #endif