Wireshark  4.3.0
The Wireshark network protocol analyzer
packet-udp.h
1 /* packet-udp.h
2  *
3  * Wireshark - Network traffic analyzer
4  * By Gerald Combs <gerald@wireshark.org>
5  * Copyright 1998 Gerald Combs
6  *
7  *
8  * SPDX-License-Identifier: GPL-2.0-or-later
9  */
10 
11 #ifndef __PACKET_UDP_H__
12 #define __PACKET_UDP_H__
13 
14 #include "ws_symbol_export.h"
15 
16 #include <epan/conversation.h>
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif /* __cplusplus */
21 
22 /* UDP structs and definitions
    *
    * e_udphdr groups three 16-bit fields, three 32-bit fields and two
    * "address" values describing one UDP packet. The per-field meanings
    * noted below are inferred from the field names -- confirm against the
    * dissector that fills this struct.
    *
    * NOTE(review): the port, length and checksum members presumably mirror
    * header fields taken from captured traffic. Code that uses uh_ulen or
    * uh_sum_cov as a size or an offset should bounds-check them against the
    * data actually available rather than trust them -- confirm where they
    * are validated.
    */
23 typedef struct _e_udphdr {
24  guint16 uh_sport; /* presumably the source port */
25  guint16 uh_dport; /* presumably the destination port */
26  guint32 uh_ulen; /* presumably the UDP length; held in 32 bits, wider than the port fields */
27  guint32 uh_sum_cov; /* presumably the checksum coverage length */
28  guint16 uh_sum; /* presumably the checksum value */
29  guint32 uh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */
30  address ip_src; /* presumably the source address */
31  address ip_dst; /* presumably the destination address */
32 } e_udphdr;
33 
34 /* Conversation and process structures originally copied from packet-tcp.c
    *
    * udp_flow_t carries the process information attached to one direction
    * of a UDP conversation.
    */
35 typedef struct _udp_flow_t {
36  /* Process info, currently discovered via IPFIX
     *
     * NOTE(review): because this information is discovered via IPFIX, the
     * strings below presumably originate from captured records rather than
     * from the analysing host; treat them as untrusted text when displaying
     * or logging them -- confirm against the IPFIX dissector.
     *
     * NOTE(review): this header does not show who allocates or frees
     * username and command -- confirm ownership and lifetime before
     * storing or freeing either pointer.
     */
37  guint32 process_uid; /* UID of local process */
38  guint32 process_pid; /* PID of local process */
39  gchar *username; /* Username of the local process */
40  gchar *command; /* Local process name + path + args */
41 } udp_flow_t;
42 
43 struct udp_analysis {
44  /* These two structs are managed based on comparing the source
45  * and destination addresses and, if they're equal, comparing
46  * the source and destination ports.
47  *
48  * If the source is greater than the destination, then stuff
49  * sent from src is in flow1.
50  *
51  * If the source is less than the destination, then stuff
52  * sent from src is in flow2.
53  *
     * (This comment originally named ual1/ual2; no such members exist in
     * this struct, so flow1/flow2 appear to be what is meant.)
     *
54  * XXX - if the addresses and ports are equal, we don't guarantee
55  * the behavior.
     *
     * NOTE(review): in that equal-endpoint case, per-direction data such as
     * the process info in udp_flow_t may land in either flow, so it should
     * not be relied on to attribute traffic to one side.
56  */
57  udp_flow_t flow1;
58  udp_flow_t flow2;
59 
60  /* These pointers are set by get_udp_conversation_data():
61  * fwd points in the same direction as the current packet
62  * and rev in the reverse direction.
     *
     * NOTE(review): they presumably point at flow1/flow2 above and are
     * re-pointed for each packet, so a value cached from an earlier packet
     * may describe the wrong direction -- confirm.
63  */
64  udp_flow_t *fwd;
65  udp_flow_t *rev;
66 
67  /* Keep track of udp stream numbers instead of using the conversation
68  * index (as was done before). This prevents gaps in the
69  * stream index numbering.
70  */
71  guint32 stream;
72 
73  /* Keep track of packet number within the UDP stream
     * (declared as uint32_t where the rest of this struct uses guint32). */
74  uint32_t pnum;
75 
76  /* Remember the timestamp of the first frame seen in this udp
77  * conversation to be able to calculate a relative time compared
78  * to the start of this conversation
79  */
80  nstime_t ts_first;
81 
82  /* Remember the timestamp of the frame that was last seen in this
83  * udp conversation to be able to calculate a delta time compared
84  * to the previous frame in this conversation
85  */
86  nstime_t ts_prev;
87 };
88 
/* Judging by its name and parameters, attaches process information (uid,
 * pid, username, command) to the UDP flow identified by the local/remote
 * address and port pair, for the given frame -- confirm against the
 * definition, which is not shown here.
 *
 * Unlike the other functions declared in this header, this one is not
 * marked WS_DLL_PUBLIC.
 *
 * NOTE(review): none of the pointer parameters is const-qualified and the
 * header does not say whether username/command are copied or retained.
 * Confirm ownership before freeing or reusing the buffers after the call.
 */
101 extern void
102 add_udp_process_info(guint32 frame_num, address *local_addr, address *remote_addr,
103  guint16 local_port, guint16 remote_port,
104  guint32 uid, guint32 pid,
105  gchar *username, gchar *command);
106 
/* Takes no arguments and returns a guint32; by its name, the number of UDP
 * streams counted so far -- confirm against the definition. */
111 WS_DLL_PUBLIC guint32
112 get_udp_stream_count(void);
113 
/* NOTE(review): this prototype names none of its parameters, and four of
 * them are plain ints (three of them consecutive), so the compiler cannot
 * catch arguments passed in the wrong order. Check the definition for the
 * meaning of each int before calling; naming the parameters here would make
 * call sites easier to review. */
114 WS_DLL_PUBLIC void
115 decode_udp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, int);
116 
/* Returns a pointer to the struct udp_analysis associated with a
 * conversation. The comment inside struct udp_analysis states that this
 * function sets its fwd and rev members; presumably the packet_info argument
 * supplies the direction of the current packet -- confirm.
 *
 * NOTE(review): the header does not say whether the result can be NULL or
 * what a NULL conversation argument does; check before dereferencing until
 * that is confirmed against the definition. */
117 WS_DLL_PUBLIC struct udp_analysis *
118 get_udp_conversation_data(conversation_t *, packet_info *);
119 
120 /*
121  * Loop for dissecting PDUs within a UDP packet; similar to tcp_dissect_pdus,
122  * but doesn't have stream support. Assumes that a PDU consists of a
123  * fixed-length chunk of data that contains enough information
124  * to determine the length of the PDU, followed by the rest of the PDU.
125  *
126  * @param tvb the tvbuff with the (remaining) packet data passed to dissector
127  * @param pinfo the packet info of this packet (additional info) passed to dissector
128  * @param tree the protocol tree to be built or NULL passed to dissector
129  * @param fixed_len is the length of the fixed-length part of the PDU.
130  * @param heuristic_check is the optional routine called to see if dissection
131  * should be done; it's passed "pinfo", "tvb", "offset" and "dissector_data".
132  * @param get_pdu_len is a routine called to get the length of the PDU from
133  * the fixed-length part of the PDU; it's passed "pinfo", "tvb", "offset" and
134  * "dissector_data".
135  * @param dissect_pdu the sub-dissector to be called
136  * @param dissector_data parameter to pass to subdissector
      *
      * The meaning of the int return value is not documented in this header --
      * confirm against the definition before relying on it.
      *
      * NOTE(review): the value returned by get_pdu_len is computed from packet
      * bytes, so it is influenced by whoever produced the traffic. This header
      * does not state how a result of 0, a result smaller than fixed_len, or a
      * result larger than the remaining data is handled -- confirm in the
      * definition, and have get_pdu_len itself reject implausible lengths
      * rather than return them unchecked.
      *
      * NOTE(review): heuristic_check is described as optional, which presumably
      * means NULL is accepted -- confirm.
137  */
138 WS_DLL_PUBLIC int
139 udp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
140  guint fixed_len,
141  gboolean (*heuristic_check)(packet_info *, tvbuff_t *, int, void*),
142  guint (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*),
143  dissector_t dissect_pdu, void* dissector_data);
144 
145 #ifdef __cplusplus
146 }
147 #endif /* __cplusplus */
148 
149 #endif