<META

Details

ND_PacketFunc ()

void        (*ND_PacketFunc)                (ND_Packet *packet,
                                             ND_ProtoData *pd,
                                             void *user_data);

Functions of this signature are used to iterate over the protocols that are contained in packtes. See nd_packet_foreach_proto() and nd_packet_foreach_proto_backward().

`packet` :	the packet over whose protocol data is iterated.
`pd` :	iterated protocol data.
`user_data` :	arbitrary data passed through to this callback.

nd_packet_new ()

ND_Packet*  nd_packet_new                   (ND_Trace *trace);

The function creates a packet and returns it. Each packet must belong to a trace. The function does not register the packet in the trace, because a packet could be inserted anywhere.

`trace` :	trace the new packet will belong to.
Returns :	fresh packet.

nd_packet_pcap_read_handler ()

void        nd_packet_pcap_read_handler     (u_char *data,
                                             const struct pcap_pkthdr *h,
                                             const u_char *pdata);

`data` :
`h` :
`pdata` :

nd_packet_pcap_read_handler_gui ()

void        nd_packet_pcap_read_handler_gui (u_char *data,
                                             const struct pcap_pkthdr *h,
                                             const u_char *pdata);

`data` :
`h` :
`pdata` :

nd_packet_free ()

void        nd_packet_free                  (ND_Packet *packet);

This cleans up the memory used by a packet. It does not take care of removing the packet from the tcpdump list etc -- you likely want to use nd_packet_delete()!

packet : packet to clean up.

nd_packet_duplicate ()

ND_Packet*  nd_packet_duplicate             (ND_Packet *packet);

Returns a deep copy of a packet, but with the list pointers set to NULL (i.e. the copy does not belong to any packet list).

`packet` :	packet to copy.
Returns :	packet copy or NULL when error occured.

nd_packet_delete ()

void        nd_packet_delete                (ND_Packet *packet,
                                             gboolean update_gui);

This function removes packet from its trace's packet lists, removes the GUI line if gui_update is TRUE, then frees packet.

`packet` :	deleted packet.
`update_gui` :	whether to update the GUI or not.

nd_packet_init ()

void        nd_packet_init                  (ND_Packet *packet);

The function initializes a packet, its data offset pointers, and the protocol types for the protcol stack. It cleans up before adjusting internal settings, so you can call this repeatedly.

packet : packet to initialize.

nd_packet_is_complete ()

gboolean    nd_packet_is_complete           (const ND_Packet *packet);

The predicate returns TRUE if the packet was captured completely (i.e. pcap's caplen == len) and FALSE otherwise.

`packet` :	packet to check.
Returns :	completeness result.

nd_packet_update ()

void        nd_packet_update                (ND_Packet *packet,
                                             ND_Protocol *proto,
                                             guint nesting);

This is nd_packet_init()'s little brother. It doesn't initialize the whole packet, but only the part starting at proto with nesting level nesting.

`packet` :	packet to update.
`proto` :	protocol where to start update.
`nesting` :	at what nesting of `proto` to update.

nd_packet_set_gui ()

void        nd_packet_set_gui               (const ND_Packet *packet);

The function adjusts the GUI to packet contents, for all protocols contained in the packet.

packet : packet that provides settings.

nd_packet_get_data ()

guchar*     nd_packet_get_data              (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guint nesting);

The function returns a pointer to the packet data containing the start of proto's data at the given nesting level. If the packet doesn't contain any such data, NULL is returned.

`packet` :	packet to query.
`proto` :	protocol to look up.
`nesting` :	nesting level of `proto` to use.
Returns :	data pointer.

nd_packet_get_data_end ()

guchar*     nd_packet_get_data_end          (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guint nesting);

The function returns a pointer to the first byte after the data containing the start of proto's data at the given nesting level. If the packet doesn't contain any such data, NULL is returned.

`packet` :	packet to query.
`proto` :	protocol to look up.
`nesting` :	nesting level of `proto` to use.
Returns :	data pointer.

nd_packet_add_proto_data ()

void        nd_packet_add_proto_data        (ND_Packet *packet,
                                             ND_Protocol *proto,
                                             guchar *data,
                                             guchar *data_end);

Each packet internally maintains a list of data offsets which store info about the protocol type, nesting etc. This function appends a new chunk information to that list. It is called from nd_packet_init() and nd_packet_update(), chances are you want these functions instead.

`packet` :	packet to update.
`proto` :	protocol type of data chunk
`data` :	start of protocol data.
`data_end` :	first byte of data after protocol data.

nd_packet_get_proto_data ()

ND_ProtoData* nd_packet_get_proto_data      (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guint nesting);

This function is like nd_packet_get_data, but does not only return the data pointer but the full ND_ProtoData structure, which yields nesting info, data start end end pointers etc.

`packet` :	packet to query.
`proto` :	protocol to look up.
`nesting` :	nesting level for `proto`.
Returns :	protocol data or `NULL` if n/a.

nd_packet_get_end ()

guchar*     nd_packet_get_end               (const ND_Packet *packet);

The function returns a ponter to the byte following the last byte of the captured data.

`packet` :	packet to query.
Returns :	data pointer.

nd_packet_has_complete_header ()

gboolean    nd_packet_has_complete_header   (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guint nesting);

The predicate returns TRUE when a packet contains a complete header of the requested protocol, FALSE otherwise. The implementation of the check itself is up to the implementation of proto's plug-in. If you only need to know whether a protocol is present in the packet at all, use nd_packet_has_proto(), which is faster.

`packet` :	packet to query.
`proto` :	protocol to check for.
`nesting` :	nesting level for `proto`.
Returns :	check result.

nd_packet_has_proto ()

gboolean    nd_packet_has_proto             (const ND_Packet *packet,
                                             const ND_Protocol *proto);

The predicate returns TRUE when a packet contains data of the given protocol. It may contain multiple instances of a protocol, but the function only checks if a protocol is present at all. If you need to find out whether a protocol is present at a given nesting level (e.g. whether a packet contains IP in IP), use nd_packet_has_complete_header() or nd_packet_has_proto_nested().

`packet` :	packet to query.
`proto` :	protocol to check for.
Returns :	check result.

nd_packet_has_proto_nested ()

gboolean    nd_packet_has_proto_nested      (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guint nesting);

The predicate returns TRUE when a packet contains data of the given protocol at the requested nesting level. If you only need to find out whether a protocol is present at all, use nd_packet_has_proto() instead, which is faster.

`packet` :	packet to query.
`proto` :	protocol to check for.
`nesting` :	nesting level of `proto`.
Returns :	check result.

nd_packet_update_proto_state ()

void        nd_packet_update_proto_state    (ND_Packet *packet,
                                             int index);

`packet` :
`index` :

nd_packet_foreach_proto ()

void        nd_packet_foreach_proto         (ND_Packet *packet,
                                             ND_PacketFunc cb,
                                             void *user_data);

The function iterates over the protocols in the packet, from outer- to the innermost, and calls cb with that the corresponding packet, protocol data and user_data.

`packet` :	packet whose protocols to iterate.
`cb` :	callback to call.
`user_data` :	arbitrary data passed to `cb`.

nd_packet_foreach_proto_backward ()

void        nd_packet_foreach_proto_backward
                                            (ND_Packet *packet,
                                             ND_PacketFunc cb,
                                             void *user_data);

The function iterates over the protocols in the packet, from inner- to the outermost, and calls cb with that the corresponding packet, protocol data and user_data.

`packet` :	packet whose protocols to iterate.
`cb` :	callback to call.
`user_data` :	arbitrary data passed to `cb`.

nd_packet_modified ()

void        nd_packet_modified              (ND_Packet *packet);

The function marks a packet as modified and updates the GUI accordingly. If you know the packet's index, pass it, otherwise pass -1 for index or use nd_packet_modified().

packet : packet to mark.

nd_packet_modified_at_index ()

void        nd_packet_modified_at_index     (ND_Packet *packet,
                                             int index);

`packet` :
`index` :

nd_packet_get_index ()

int         nd_packet_get_index             (const ND_Packet *packet);

The function returns the index of the packet in it's trace, the first packet has index 0.

`packet` :	packet to query.
Returns :	index, or -1 if error occurred.

nd_packet_get_proto_nesting ()

int         nd_packet_get_proto_nesting     (const ND_Packet *packet,
                                             const ND_Protocol *proto,
                                             guchar *data);

The function returns the nesting level of proto at the given data offset. The first occurrence of a protocol has nesting level 0. So, if you call this for IP and the data pointer points to somewhere in or after the IP header in an ICMP error message, the nesting level will be 1.

`packet` :	packet to query.
`proto` :	protocol whose nesting level to find.
`data` :	data pointer.
Returns :	nesting level, or -1 when an error occurred.

nd_packet

Name

Synopsis

Description