WAND Trace processing  4.0.5
protocols.h File Reference

Protocol access functions that have not yet been made available through the external API. More...

Go to the source code of this file.

Data Structures

struct  ports_t
 Ports structure used to get the source and destination ports for transport protocols. More...
 

Functions

void * trace_get_payload_from_ethernet (void *ethernet, uint16_t *type, uint32_t *remaining)
 Gets a pointer to the payload following an Ethernet header. More...
 

Detailed Description

Protocol access functions that have not yet been made available through the external API.

These are protocol decoders that haven't yet seen enough use to consider their API stable enough to move into libtrace.h where they probably belong.

Function Documentation

void* trace_get_payload_from_ethernet ( void *  ethernet,
uint16_t *  type,
uint32_t *  remaining 
)

Gets a pointer to the payload following an Ethernet header.

Parameters
ethernetA pointer to the Ethernet header
[out]typeSet to contain the Ethernet type of the next header
[in,out]remainingUpdated with the number of captured bytes remaining
Returns
A pointer to the header following the provided Ethernet header, or NULL if no subsequent header is present.

Remaining must point to the number of bytes captured from the Ethernet header and beyond. It will be decremented by the number of bytes skipped to find the payload.

If the Ethernet header is complete but there are zero bytes of payload after the end of the header, a pointer to where the payload would be is returned and remaining will be set to 0. If the Ethernet header is incomplete (truncated), then NULL is returned and remaining will be set to 0. Therefore, it is very important to check the value of remaining after calling this function.

Note
trace_get_payload_from_layer2 provides a suitable alternative that is actually available via the external API

References libtrace_ether::ether_type.

Referenced by trace_get_layer3(), and trace_get_payload_from_layer2().