diff options
Diffstat (limited to 'epan/dissectors/packet-tcp.h')
| -rw-r--r-- | epan/dissectors/packet-tcp.h | 308 |
1 files changed, 163 insertions, 145 deletions
diff --git a/epan/dissectors/packet-tcp.h b/epan/dissectors/packet-tcp.h index 52205051..1e1097a3 100644 --- a/epan/dissectors/packet-tcp.h +++ b/epan/dissectors/packet-tcp.h @@ -37,69 +37,69 @@ extern "C" { #define IS_TH_URG(x) (x & TH_URG) /* Idea for gt: either x > y, or y is much bigger (assume wrap) */ -#define GT_SEQ(x, y) ((gint32)((y) - (x)) < 0) -#define LT_SEQ(x, y) ((gint32)((x) - (y)) < 0) -#define GE_SEQ(x, y) ((gint32)((y) - (x)) <= 0) -#define LE_SEQ(x, y) ((gint32)((x) - (y)) <= 0) +#define GT_SEQ(x, y) ((int32_t)((y) - (x)) < 0) +#define LT_SEQ(x, y) ((int32_t)((x) - (y)) < 0) +#define GE_SEQ(x, y) ((int32_t)((y) - (x)) <= 0) +#define LE_SEQ(x, y) ((int32_t)((x) - (y)) <= 0) #define EQ_SEQ(x, y) (x) == (y) /* mh as in mptcp header */ struct mptcpheader { - gboolean mh_mpc; /* true if seen an mp_capable option */ - gboolean mh_join; /* true if seen an mp_join option */ - gboolean mh_dss; /* true if seen a dss */ - gboolean mh_add; /* true if seen an MP_ADD */ - gboolean mh_remove; /* true if seen an MP_REMOVE */ - gboolean mh_prio; /* true if seen an MP_PRIO */ - gboolean mh_fail; /* true if seen an MP_FAIL */ - gboolean mh_fastclose; /* true if seen a fastclose */ - gboolean mh_tcprst; /* true if seen a MP_TCPRST */ + bool mh_mpc; /* true if seen an mp_capable option */ + bool mh_join; /* true if seen an mp_join option */ + bool mh_dss; /* true if seen a dss */ + bool mh_add; /* true if seen an MP_ADD */ + bool mh_remove; /* true if seen an MP_REMOVE */ + bool mh_prio; /* true if seen an MP_PRIO */ + bool mh_fail; /* true if seen an MP_FAIL */ + bool mh_fastclose; /* true if seen a fastclose */ + bool mh_tcprst; /* true if seen a MP_TCPRST */ - guint8 mh_capable_flags; /* to get hmac version for instance */ - guint8 mh_dss_flags; /* data sequence signal flag */ - guint32 mh_dss_ssn; /* DSS Subflow Sequence Number */ - guint64 mh_dss_rawdsn; /* DSS Data Sequence Number */ - guint64 mh_dss_rawack; /* DSS raw data ack */ - guint16 mh_dss_length; /* mapping/DSS length */ + uint8_t mh_capable_flags; /* to get hmac version for instance */ + uint8_t mh_dss_flags; /* data sequence signal flag */ + uint32_t mh_dss_ssn; /* DSS Subflow Sequence Number */ + uint64_t mh_dss_rawdsn; /* DSS Data Sequence Number */ + uint64_t mh_dss_rawack; /* DSS raw data ack */ + uint16_t mh_dss_length; /* mapping/DSS length */ - guint64 mh_key; /* Sender key in MP_CAPABLE */ - guint32 mh_token; /* seen in MP_JOIN. Should be a hash of the initial key */ + uint64_t mh_key; /* Sender key in MP_CAPABLE */ + uint32_t mh_token; /* seen in MP_JOIN. Should be a hash of the initial key */ - guint32 mh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */ + uint32_t mh_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */ /* Data Sequence Number of the current segment. It needs to be computed from previous mappings * and as such is not necessarily set */ - guint64 mh_rawdsn64; + uint64_t mh_rawdsn64; /* DSN formatted according to the wireshark MPTCP options */ - guint64 mh_dsn; + uint64_t mh_dsn; }; /* the tcp header structure, passed to tap listeners */ typedef struct tcpheader { - guint32 th_rawseq; /* raw value */ - guint32 th_seq; /* raw or relative value depending on tcp_relative_seq */ - - guint32 th_rawack; /* raw value */ - guint32 th_ack; /* raw or relative value depending on tcp_relative_seq */ - gboolean th_have_seglen; /* TRUE if th_seglen is valid */ - guint32 th_seglen; /* in bytes */ - guint32 th_win; /* make it 32 bits so we can handle some scaling */ - guint16 th_sport; - guint16 th_dport; - guint8 th_hlen; - gboolean th_use_ace; - guint16 th_flags; - guint32 th_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */ + uint32_t th_rawseq; /* raw value */ + uint32_t th_seq; /* raw or relative value depending on tcp_relative_seq */ + + uint32_t th_rawack; /* raw value */ + uint32_t th_ack; /* raw or relative value depending on tcp_relative_seq */ + bool th_have_seglen; /* true if th_seglen is valid */ + uint32_t th_seglen; /* in bytes */ + uint32_t th_win; /* make it 32 bits so we can handle some scaling */ + uint16_t th_sport; + uint16_t th_dport; + uint8_t th_hlen; + bool th_use_ace; + uint16_t th_flags; + uint32_t th_stream; /* this stream index field is included to help differentiate when address/port pairs are reused */ address ip_src; address ip_dst; /* This is the absolute maximum we could find in TCP options (RFC2018, section 3) */ #define MAX_TCP_SACK_RANGES 4 - guint8 num_sack_ranges; - guint32 sack_left_edge[MAX_TCP_SACK_RANGES]; - guint32 sack_right_edge[MAX_TCP_SACK_RANGES]; + uint8_t num_sack_ranges; + uint32_t sack_left_edge[MAX_TCP_SACK_RANGES]; + uint32_t sack_right_edge[MAX_TCP_SACK_RANGES]; /* header for TCP option Multipath Operation */ struct mptcpheader *th_mptcp; @@ -112,12 +112,13 @@ typedef struct tcpheader { * changes! */ struct tcpinfo { - guint32 seq; /* Sequence number of first byte in the data */ - guint32 nxtseq; /* Sequence number of first byte after data */ - guint32 lastackseq; /* Sequence number of last ack */ - gboolean is_reassembled; /* This is reassembled data. */ - guint16 flags; /* TCP flags */ - guint16 urgent_pointer; /* Urgent pointer value for the current packet. */ + uint32_t seq; /* Sequence number of first byte in the data */ + uint32_t nxtseq; /* Sequence number of first byte after data */ + uint32_t lastackseq; /* Sequence number of last ack */ + bool is_reassembled; /* This is reassembled data. */ + uint16_t flags; /* TCP flags */ + uint16_t urgent_pointer; /* Urgent pointer value for the current packet. */ + uint32_t stream; /* Stream id passed to export PDU */ }; /* @@ -141,53 +142,55 @@ struct tcpinfo { */ WS_DLL_PUBLIC void tcp_dissect_pdus(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, - gboolean proto_desegment, guint fixed_len, - guint (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*), + bool proto_desegment, unsigned fixed_len, + unsigned (*get_pdu_len)(packet_info *, tvbuff_t *, int, void*), dissector_t dissect_pdu, void* dissector_data); extern const reassembly_table_functions tcp_reassembly_table_functions; extern struct tcp_multisegment_pdu * -pdu_store_sequencenumber_of_next_pdu(packet_info *pinfo, guint32 seq, guint32 nxtpdu, wmem_tree_t *multisegment_pdus); +pdu_store_sequencenumber_of_next_pdu(packet_info *pinfo, uint32_t seq, uint32_t nxtpdu, wmem_tree_t *multisegment_pdus); typedef struct _tcp_unacked_t { struct _tcp_unacked_t *next; - guint32 frame; - guint32 seq; - guint32 nextseq; + uint32_t frame; + uint32_t seq; + uint32_t nextseq; nstime_t ts; } tcp_unacked_t; struct tcp_acked { - guint32 frame_acked; + uint32_t frame_acked; nstime_t ts; - guint32 rto_frame; + uint32_t rto_frame; nstime_t rto_ts; /* Time since previous packet for retransmissions. */ - guint16 flags; /* see TCP_A_* in packet-tcp.c */ - guint32 dupack_num; /* dup ack number */ - guint32 dupack_frame; /* dup ack to frame # */ - guint32 bytes_in_flight; /* number of bytes in flight */ - guint32 push_bytes_sent; /* bytes since the last PSH flag */ + uint16_t flags; /* see TCP_A_* in packet-tcp.c */ + uint32_t dupack_num; /* dup ack number */ + uint32_t dupack_frame; /* dup ack to frame # */ + uint32_t bytes_in_flight; /* number of bytes in flight */ + uint32_t push_bytes_sent; /* bytes since the last PSH flag */ - guint32 new_data_seq; /* For segments with old data, + uint32_t new_data_seq; /* For segments with old data, where new data starts */ + bool partial_ack; /* true when acknowledging data + and not a full segment */ }; /* One instance of this structure is created for each pdu that spans across * multiple tcp segments. */ struct tcp_multisegment_pdu { - guint32 seq; - guint32 nxtpdu; - guint32 first_frame; /* The frame where this MSP was created (used as key in reassembly tables). */ - guint32 last_frame; + uint32_t seq; + uint32_t nxtpdu; + uint32_t first_frame; /* The frame where this MSP was created (used as key in reassembly tables). */ + uint32_t last_frame; nstime_t last_frame_time; - guint32 first_frame_with_seq; /* The frame that contains the first frame that matches 'seq' + uint32_t first_frame_with_seq; /* The frame that contains the first frame that matches 'seq' (same as 'first_frame', larger than 'first_frame' for OoO segments) */ - guint32 flags; + uint32_t flags; #define MSP_FLAGS_REASSEMBLE_ENTIRE_SEGMENT 0x00000001 /* Whether this MSP is finished and no more segments can be added. */ #define MSP_FLAGS_GOT_ALL_SEGMENTS 0x00000002 @@ -202,28 +205,28 @@ struct tcp_multisegment_pdu { */ typedef struct _mptcp_dss_mapping_t { -/* In DSS, SSN are enumeratad with relative seq_nb, i.e. starting from 0 */ +/* In DSS, SSN are enumerated with relative seq_nb, i.e. starting from 0 */ - guint32 ssn_low; - guint32 ssn_high; + uint32_t ssn_low; + uint32_t ssn_high; /* Ideally the dsn should always be registered with the extended version * but it may not be possible if we don't know the 32 MSB of the base_dsn */ - gboolean extended_dsn; /* TRUE if MPTCP_DSS_FLAG_DATA_8BYTES */ + bool extended_dsn; /* true if MPTCP_DSS_FLAG_DATA_8BYTES */ - guint64 rawdsn; /* matches the low member of range + uint64_t rawdsn; /* matches the low member of range should be converted to the 64 bits version before being registered */ /* to check if mapping was sent before or after packet */ -guint32 frame; +uint32_t frame; } mptcp_dss_mapping_t; /* Structure used in mptcp meta member 'dsn_map' */ typedef struct _mptcp_dsn2packet_mapping_t { - guint32 frame; /* packet to look into PINFO_FD_NUM */ + uint32_t frame; /* packet to look into PINFO_FD_NUM */ struct tcp_analysis* subflow; /* in order to get statistics */ } mptcp_dsn2packet_mapping_t; @@ -234,41 +237,41 @@ all the subflows */ typedef struct _mptcp_meta_flow_t { - guint8 static_flags; /* remember which fields are set */ + uint8_t static_flags; /* remember which fields are set */ - /* flags exchanged between hosts during 3WHS. Gives checksum/extensiblity/hmac information */ - guint8 flags; - guint64 base_dsn; /* first data seq number (used by relative sequence numbers) seen. */ - guint64 nextseq; /* highest seen nextseq */ - guint64 dfin; /* data fin */ + /* flags exchanged between hosts during 3WHS. Gives checksum/extensibility/hmac information */ + uint8_t flags; + uint64_t base_dsn; /* first data seq number (used by relative sequence numbers) seen. */ + uint64_t nextseq; /* highest seen nextseq */ + uint64_t dfin; /* data fin */ - guint8 version; /* negociated mptcp version */ + uint8_t version; /* negotiated mptcp version */ - guint64 key; /* if it was set */ + uint64_t key; /* if it was set */ /* expected token sha1 digest of keys, truncated to 32 most significant bits derived from key. Stored to speed up subflow/MPTCP connection mapping */ - guint32 token; + uint32_t token; - guint32 nextseqframe; /* frame number for segment with highest sequence number */ + uint32_t nextseqframe; /* frame number for segment with highest sequence number */ /* highest seen continuous seq number (without hole in the stream) */ - guint64 maxseqtobeacked; + uint64_t maxseqtobeacked; - guint64 fin; /* frame number of the final dataFIN */ + uint64_t fin; /* frame number of the final dataFIN */ /* first addresses registered */ address ip_src; address ip_dst; - guint32 sport; - guint32 dport; + uint32_t sport; + uint32_t dport; } mptcp_meta_flow_t; /* MPTCP data specific to this subflow direction */ struct mptcp_subflow { - guint8 static_flags; /* flags stating which of the flow */ - guint32 nonce; /* used only for MP_JOIN */ - guint8 address_id; /* sent during an MP_JOIN */ + uint8_t static_flags; /* flags stating which of the flow */ + uint32_t nonce; /* used only for MP_JOIN */ + uint8_t address_id; /* sent during an MP_JOIN */ /* map DSN to packets @@ -303,16 +306,16 @@ typedef enum { */ typedef struct tcp_analyze_seq_flow_info_t { tcp_unacked_t *segments;/* List of segments for which we haven't seen an ACK */ - guint16 segment_count; /* How many unacked segments we're currently storing */ - guint32 lastack; /* Last seen ack for the reverse flow */ + uint16_t segment_count; /* How many unacked segments we're currently storing */ + uint32_t lastack; /* Last seen ack for the reverse flow */ nstime_t lastacktime; /* Time of the last ack packet */ - guint32 lastnondupack; /* frame number of last seen non dupack */ - guint32 dupacknum; /* dupack number */ - guint32 nextseq; /* highest seen nextseq */ - guint32 maxseqtobeacked;/* highest seen continuous seq number (without hole in the stream) from the fwd party, + uint32_t lastnondupack; /* frame number of last seen non dupack */ + uint32_t dupacknum; /* dupack number */ + uint32_t nextseq; /* highest seen nextseq */ + uint32_t maxseqtobeacked;/* highest seen continuous seq number (without hole in the stream) from the fwd party, * this is the maximum seq number that can be acked by the rev party in normal case. * If the rev party sends an ACK beyond this seq number it indicates TCP_A_ACK_LOST_PACKET condition */ - guint32 nextseqframe; /* frame number for segment with highest + uint32_t nextseqframe; /* frame number for segment with highest * sequence number */ nstime_t nextseqtime; /* Time of the nextseq packet so we can @@ -320,42 +323,42 @@ typedef struct tcp_analyze_seq_flow_info_t { * fast retransmissions and outoforder */ - guint8 lastacklen; /* length of the last fwd ACK packet - 0 means pure ACK */ + uint8_t lastacklen; /* length of the last fwd ACK packet - 0 means pure ACK */ /* * Handling of SACK blocks * Copied from tcpheader */ - guint8 num_sack_ranges; - guint32 sack_left_edge[MAX_TCP_SACK_RANGES]; - guint32 sack_right_edge[MAX_TCP_SACK_RANGES]; + uint8_t num_sack_ranges; + uint32_t sack_left_edge[MAX_TCP_SACK_RANGES]; + uint32_t sack_right_edge[MAX_TCP_SACK_RANGES]; } tcp_analyze_seq_flow_info_t; /* Process info, currently discovered via IPFIX */ typedef struct tcp_process_info_t { - guint32 process_uid; /* UID of local process */ - guint32 process_pid; /* PID of local process */ - gchar *username; /* Username of the local process */ - gchar *command; /* Local process name + path + args */ + uint32_t process_uid; /* UID of local process */ + uint32_t process_pid; /* PID of local process */ + char *username; /* Username of the local process */ + char *command; /* Local process name + path + args */ } tcp_process_info_t; typedef struct _tcp_flow_t { - guint8 static_flags; /* true if base seq set */ - guint32 base_seq; /* base seq number (used by relative sequence numbers)*/ + uint8_t static_flags; /* true if base seq set */ + uint32_t base_seq; /* base seq number (used by relative sequence numbers)*/ #define TCP_MAX_UNACKED_SEGMENTS 10000 /* The most unacked segments we'll store */ - guint32 fin; /* frame number of the final FIN */ - guint32 window; /* last seen window */ - gint16 win_scale; /* -1 is we don't know, -2 is window scaling is not used */ - gint16 scps_capable; /* flow advertised scps capabilities */ - guint16 maxsizeacked; /* 0 if not yet known */ - gboolean valid_bif; /* if lost pkts, disable BiF until ACK is recvd */ - guint32 push_bytes_sent; /* bytes since the last PSH flag */ - gboolean push_set_last; /* tracking last time PSH flag was set */ - guint8 mp_operations; /* tracking of the MPTCP operations */ - gboolean is_first_ack; /* indicates if this is the first ACK */ - gboolean closing_initiator; /* tracking who is responsible of the connection end */ + uint32_t fin; /* frame number of the final FIN */ + uint32_t window; /* last seen window */ + int16_t win_scale; /* -1 is we don't know, -2 is window scaling is not used */ + int16_t scps_capable; /* flow advertised scps capabilities */ + uint16_t maxsizeacked; /* 0 if not yet known */ + bool valid_bif; /* if lost pkts, disable BiF until ACK is recvd */ + uint32_t push_bytes_sent; /* bytes since the last PSH flag */ + bool push_set_last; /* tracking last time PSH flag was set */ + uint8_t mp_operations; /* tracking of the MPTCP operations */ + bool is_first_ack; /* indicates if this is the first ACK */ + bool closing_initiator; /* tracking who is responsible of the connection end */ tcp_analyze_seq_flow_info_t* tcp_analyze_seq_info; @@ -363,15 +366,18 @@ typedef struct _tcp_flow_t { * be reassembled until the final FIN segment. */ #define TCP_FLOW_REASSEMBLE_UNTIL_FIN 0x0001 - guint16 flags; + uint16_t flags; /* see TCP_A_* in packet-tcp.c */ - guint32 lastsegmentflags; + uint32_t lastsegmentflags; /* The next (largest) sequence number after all segments seen so far. * Valid only on the first pass and used to handle out-of-order segments * during reassembly. */ - guint32 maxnextseq; + uint32_t maxnextseq; + + /* The number of data flows seen in that direction */ + uint16_t flow_count; /* This tree is indexed by sequence number and keeps track of all * all pdus spanning multiple segments for this flow. @@ -391,7 +397,7 @@ typedef struct _tcp_flow_t { /* Stores common information between both hosts of the MPTCP connection*/ struct mptcp_analysis { - guint16 mp_flags; /* MPTCP meta analysis related, see MPTCP_META_* in packet-tcp.c */ + uint16_t mp_flags; /* MPTCP meta analysis related, see MPTCP_META_* in packet-tcp.c */ /* * For other subflows, they link the meta via mptcp_subflow_t::meta_flow @@ -399,15 +405,15 @@ struct mptcp_analysis { */ mptcp_meta_flow_t meta_flow[2]; - guint32 stream; /* Keep track of unique mptcp stream (per MP_CAPABLE handshake) */ - guint8 hmac_algo; /* hmac decided after negociation */ + uint32_t stream; /* Keep track of unique mptcp stream (per MP_CAPABLE handshake) */ + uint8_t hmac_algo; /* hmac decided after negotiation */ wmem_list_t* subflows; /* List of subflows (tcp_analysis) */ /* identifier of the tcp stream that saw the initial 3WHS with MP_CAPABLE option */ struct tcp_analysis *master; /* Keep track of the last TCP operations seen in order to avoid false DUP ACKs */ - guint8 mp_operations; + uint8_t mp_operations; }; struct tcp_analysis { @@ -469,17 +475,22 @@ struct tcp_analysis { * index (as how it was done before). This prevents gaps in the * stream index numbering */ - guint32 stream; + uint32_t stream; + + /* Keep track of packet number within the TCP stream */ + uint32_t pnum; /* Remembers the server port on the SYN (or SYN|ACK) packet to * help determine which dissector to call */ - guint16 server_port; - + uint16_t server_port; /* Set when the client sends a SYN with data and the cookie in the Fast Open * option. */ - guint8 tfo_syn_data : 1; + uint8_t tfo_syn_data : 1; + + /* Remembers which side is currently sending data. */ + int8_t flow_direction : 2; /* allocated only when mptcp enabled * several tcp_analysis may refer to the same mptcp_analysis @@ -492,15 +503,15 @@ struct tcp_analysis { * just some parts if we jumped on the bandwagon of an already established * connection or left before it was terminated explicitly */ - guint8 conversation_completeness; + uint8_t conversation_completeness; /* Stores the value as a String to be displayed in the appropriate field */ - gchar *conversation_completeness_str; + char *conversation_completeness_str; /* Track AccECN support */ - gboolean had_acc_ecn_setup_syn; - gboolean had_acc_ecn_setup_syn_ack; - gboolean had_acc_ecn_option; + bool had_acc_ecn_setup_syn; + bool had_acc_ecn_setup_syn_ack; + bool had_acc_ecn_option; }; /* Structure that keeps per packet data. First used to be able @@ -509,7 +520,8 @@ struct tcp_analysis { */ struct tcp_per_packet_data_t { nstime_t ts_del; - guint8 tcp_snd_manual_analysis; + uint32_t pnum; + uint8_t tcp_snd_manual_analysis; }; /* Structure that keeps per packet data. Some operations are cpu-intensive and are @@ -524,15 +536,21 @@ typedef struct mptcp_per_packet_data_t_ { WS_DLL_PUBLIC void dissect_tcp_payload(tvbuff_t *tvb, packet_info *pinfo, int offset, - guint32 seq, guint32 nxtseq, guint32 sport, - guint32 dport, proto_tree *tree, + uint32_t seq, uint32_t nxtseq, uint32_t sport, + uint32_t dport, proto_tree *tree, proto_tree *tcp_tree, struct tcp_analysis *tcpd, struct tcpinfo *tcpinfo); WS_DLL_PUBLIC struct tcp_analysis *get_tcp_conversation_data(conversation_t *conv, packet_info *pinfo); -WS_DLL_PUBLIC gboolean decode_tcp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, struct tcp_analysis *, struct tcpinfo *); +/** Same as get_tcp_conversation_data(), without updating any data at all. Thus, + * it really identifies the conversation data and doesn't do anything with it. + * + */ +WS_DLL_PUBLIC struct tcp_analysis *get_tcp_conversation_data_idempotent(conversation_t *conv); + +WS_DLL_PUBLIC bool decode_tcp_ports(tvbuff_t *, int, packet_info *, proto_tree *, int, int, struct tcp_analysis *, struct tcpinfo *); /** Associate process information with a given flow * @@ -546,24 +564,24 @@ WS_DLL_PUBLIC gboolean decode_tcp_ports(tvbuff_t *, int, packet_info *, proto_tr * @param username Ephemeral string containing the full or partial process name * @param command Ephemeral string containing the full or partial process name */ -extern void add_tcp_process_info(guint32 frame_num, address *local_addr, address *remote_addr, guint16 local_port, guint16 remote_port, guint32 uid, guint32 pid, gchar *username, gchar *command); +extern void add_tcp_process_info(uint32_t frame_num, address *local_addr, address *remote_addr, uint16_t local_port, uint16_t remote_port, uint32_t uid, uint32_t pid, char *username, char *command); /** Get the current number of TCP streams * * @return The number of TCP streams */ -WS_DLL_PUBLIC guint32 get_tcp_stream_count(void); +WS_DLL_PUBLIC uint32_t get_tcp_stream_count(void); /** Get the current number of MPTCP streams * * @return The number of MPTCP streams */ -WS_DLL_PUBLIC guint32 get_mptcp_stream_count(void); +WS_DLL_PUBLIC uint32_t get_mptcp_stream_count(void); /* Follow Stream functionality shared with HTTP (and SSL?) */ -extern gchar *tcp_follow_conv_filter(epan_dissect_t *edt, packet_info *pinfo, guint *stream, guint *sub_stream); -extern gchar *tcp_follow_index_filter(guint stream, guint sub_stream); -extern gchar *tcp_follow_address_filter(address *src_addr, address *dst_addr, int src_port, int dst_port); +extern char *tcp_follow_conv_filter(epan_dissect_t *edt, packet_info *pinfo, unsigned *stream, unsigned *sub_stream); +extern char *tcp_follow_index_filter(unsigned stream, unsigned sub_stream); +extern char *tcp_follow_address_filter(address *src_addr, address *dst_addr, int src_port, int dst_port); #ifdef __cplusplus } |