From ae28ce7a11de542c8d9598670c365bd7f37447b5 Mon Sep 17 00:00:00 2001
From: Osama Khalid <osama@codinghazard.com>
Date: Fri, 23 Jan 2026 21:27:54 -0500
Subject: [PATCH] fix: add bindings to manage heuristic dissectors

---
 lib/wiregasm/bindings.cpp |  32 +++++++++
 lib/wiregasm/wiregasm.cpp | 135 ++++++++++++++++++++++++++++++++++++++
 lib/wiregasm/wiregasm.h   |  56 +++++++++++++++-
 samples/nr.pcapng         | Bin 0 -> 12300 bytes
 src/index.test.ts         | 111 +++++++++++++++++++++++++++++++
 src/index.ts              |  59 +++++++++++++++++
 src/types.ts              |  64 ++++++++++++++++++
 7 files changed, 456 insertions(+), 1 deletion(-)
 create mode 100644 samples/nr.pcapng

diff --git a/lib/wiregasm/bindings.cpp b/lib/wiregasm/bindings.cpp
index 1d5923e..aa9bbbc 100644
--- a/lib/wiregasm/bindings.cpp
+++ b/lib/wiregasm/bindings.cpp
@@ -20,6 +20,13 @@ EMSCRIPTEN_BINDINGS(Wiregasm) {
   emscripten::function("listPreferences", &wg_list_preferences);
   emscripten::function("applyPreferences", &wg_prefs_apply_all);
   emscripten::function("wiresharkVersion", &wg_ws_version);
+  // Protocol enable/disable functions
+  emscripten::function("listProtocols", &wg_list_protocols);
+  emscripten::function("setProtocolEnabled", &wg_set_protocol_enabled);
+  emscripten::function("setProtocolEnabledByName", &wg_set_protocol_enabled_by_name);
+  // Heuristic dissector enable/disable functions
+  emscripten::function("listHeuristicDissectors", &wg_list_heuristic_dissectors);
+  emscripten::function("setHeuristicEnabled", &wg_set_heuristic_enabled);
 }
 
 EMSCRIPTEN_BINDINGS(DissectSession) {
@@ -306,3 +313,28 @@ EMSCRIPTEN_BINDINGS(ExportObject) {
 EMSCRIPTEN_BINDINGS(MapInput) {
   register_map<string, string>("MapInput");
 }
+
+EMSCRIPTEN_BINDINGS(ProtocolInfo) {
+  value_object<ProtocolInfo>("ProtocolInfo")
+      .field("id", &ProtocolInfo::id)
+      .field("name", &ProtocolInfo::name)
+      .field("long_name", &ProtocolInfo::long_name)
+      .field("enabled", &ProtocolInfo::enabled)
+      .field("enabled_by_default", &ProtocolInfo::enabled_by_default)
+      .field("can_toggle", &ProtocolInfo::can_toggle);
+
+  register_vector<ProtocolInfo>("VectorProtocolInfo");
+}
+
+EMSCRIPTEN_BINDINGS(HeuristicInfo) {
+  value_object<HeuristicInfo>("HeuristicInfo")
+      .field("short_name", &HeuristicInfo::short_name)
+      .field("display_name", &HeuristicInfo::display_name)
+      .field("list_name", &HeuristicInfo::list_name)
+      .field("protocol_name", &HeuristicInfo::protocol_name)
+      .field("protocol_id", &HeuristicInfo::protocol_id)
+      .field("enabled", &HeuristicInfo::enabled)
+      .field("enabled_by_default", &HeuristicInfo::enabled_by_default);
+
+  register_vector<HeuristicInfo>("VectorHeuristicInfo");
+}
diff --git a/lib/wiregasm/wiregasm.cpp b/lib/wiregasm/wiregasm.cpp
index 7afa022..c08a33f 100644
--- a/lib/wiregasm/wiregasm.cpp
+++ b/lib/wiregasm/wiregasm.cpp
@@ -1,7 +1,9 @@
 #include "wiregasm.h"
 #include "lib.h"
+#include <epan/packet.h>
 #include <epan/prefs-int.h>
 #include <epan/prefs.h>
+#include <epan/proto.h>
 #include <epan/wslua/init_wslua.h>
 #include <wireshark/ws_version.h>
 #include <wsutil/privileges.h>
@@ -549,3 +551,136 @@ IoGraphResult DissectSession::iograph(MapInput args) {
   }
   return wg_session_process_iograph(&this->capture_file, args);
 }
+
+// ============================================================================
+// Protocol enable/disable functions
+// ============================================================================
+
+vector<ProtocolInfo> wg_list_protocols() {
+  vector<ProtocolInfo> result;
+  void *cookie = NULL;
+  int proto_id;
+
+  for (proto_id = proto_get_first_protocol(&cookie); proto_id != -1;
+       proto_id = proto_get_next_protocol(&cookie)) {
+
+    protocol_t *protocol = find_protocol_by_id(proto_id);
+    if (protocol == NULL)
+      continue;
+
+    ProtocolInfo info;
+    info.id = proto_id;
+
+    const char *filter_name = proto_get_protocol_filter_name(proto_id);
+    if (filter_name) {
+      info.name = string(filter_name);
+    }
+
+    const char *long_name = proto_get_protocol_long_name(protocol);
+    if (long_name) {
+      info.long_name = string(long_name);
+    }
+
+    info.enabled = proto_is_protocol_enabled(protocol);
+    info.enabled_by_default = proto_is_protocol_enabled_by_default(protocol);
+    info.can_toggle = proto_can_toggle_protocol(proto_id);
+
+    result.push_back(info);
+  }
+
+  return result;
+}
+
+bool wg_set_protocol_enabled(int proto_id, bool enabled) {
+  protocol_t *protocol = find_protocol_by_id(proto_id);
+  if (protocol == NULL) {
+    return false;
+  }
+
+  if (!proto_can_toggle_protocol(proto_id)) {
+    return false;
+  }
+
+  proto_set_decoding(proto_id, enabled);
+  return true;
+}
+
+bool wg_set_protocol_enabled_by_name(string proto_name, bool enabled) {
+  int proto_id = proto_get_id_by_filter_name(proto_name.c_str());
+  if (proto_id == -1) {
+    return false;
+  }
+
+  return wg_set_protocol_enabled(proto_id, enabled);
+}
+
+// ============================================================================
+// Heuristic dissector enable/disable functions
+// ============================================================================
+
+// Callback data for collecting heuristic dissectors
+struct HeurCollectorData {
+  vector<HeuristicInfo> *results;
+};
+
+// Callback for each heuristic entry within a table
+static void heur_entry_collector_cb(const char *table_name, struct heur_dtbl_entry *entry, void *user_data) {
+  HeurCollectorData *data = (HeurCollectorData *)user_data;
+
+  HeuristicInfo info;
+
+  if (entry->short_name) {
+    info.short_name = string(entry->short_name);
+  }
+
+  if (entry->display_name) {
+    info.display_name = string(entry->display_name);
+  }
+
+  if (entry->list_name) {
+    info.list_name = string(entry->list_name);
+  }
+
+  if (entry->protocol) {
+    const char *proto_name = proto_get_protocol_short_name(entry->protocol);
+    if (proto_name) {
+      info.protocol_name = string(proto_name);
+    }
+    // Get the protocol ID so we can link heuristics to their parent protocol
+    info.protocol_id = proto_get_id(entry->protocol);
+  } else {
+    info.protocol_id = -1;
+  }
+
+  info.enabled = entry->enabled;
+  info.enabled_by_default = entry->enabled_by_default;
+
+  data->results->push_back(info);
+}
+
+// Callback for each heuristic table
+static void heur_table_collector_cb(const char *table_name, struct heur_dissector_list *table, void *user_data) {
+  // Iterate all entries in this table
+  heur_dissector_table_foreach(table_name, heur_entry_collector_cb, user_data);
+}
+
+vector<HeuristicInfo> wg_list_heuristic_dissectors() {
+  vector<HeuristicInfo> result;
+  HeurCollectorData data;
+  data.results = &result;
+
+  // Iterate all heuristic tables, then entries within each
+  dissector_all_heur_tables_foreach_table(heur_table_collector_cb, &data, NULL);
+
+  return result;
+}
+
+bool wg_set_heuristic_enabled(string short_name, bool enabled) {
+  heur_dtbl_entry_t *entry = find_heur_dissector_by_unique_short_name(short_name.c_str());
+  if (entry == NULL) {
+    return false;
+  }
+
+  entry->enabled = enabled;
+  return true;
+}
diff --git a/lib/wiregasm/wiregasm.h b/lib/wiregasm/wiregasm.h
index f2b1df9..3faedcb 100644
--- a/lib/wiregasm/wiregasm.h
+++ b/lib/wiregasm/wiregasm.h
@@ -241,6 +241,51 @@ struct DownloadResponse {
   Download download;
 };
 
+// Protocol info struct for listing all protocols
+struct ProtocolInfo {
+  int id;                   // protocol ID
+  string name;              // protocol filter name (e.g., "tcp")
+  string long_name;         // protocol long name (e.g., "Transmission Control Protocol")
+  bool enabled;             // whether protocol is currently enabled
+  bool enabled_by_default;  // whether protocol is enabled by default
+  bool can_toggle;          // whether protocol can be toggled (some can't)
+};
+
+// Heuristic dissector info struct for listing all heuristic dissectors
+struct HeuristicInfo {
+  string short_name;        // unique short name (e.g., "mac_nr_udp")
+  string display_name;      // display name for UI
+  string list_name;         // parent dissector table name (e.g., "udp")
+  string protocol_name;     // associated protocol name
+  int protocol_id;          // protocol ID this heuristic belongs to
+  bool enabled;             // whether heuristic is currently enabled
+  bool enabled_by_default;  // whether heuristic is enabled by default
+};
+
+// Unified enabled item for building a hierarchical UI like Wireshark's Enabled Protocols dialog
+// Can represent either a protocol or a heuristic dissector
+struct EnabledProtocolItem {
+  // Common fields
+  string name;              // display name (short_name for protocols, display_name for heuristics)
+  string description;       // long description
+  bool enabled;             // whether currently enabled
+  bool enabled_by_default;  // whether enabled by default
+  bool can_toggle;          // whether can be toggled
+
+  // Type identification
+  bool is_heuristic;        // true if this is a heuristic, false if protocol
+
+  // Protocol-specific (when is_heuristic = false)
+  int protocol_id;          // protocol ID (only valid for protocols)
+
+  // Heuristic-specific (when is_heuristic = true)
+  string heuristic_short_name;  // unique short name for enabling (only valid for heuristics)
+  string list_name;         // dissector table this heuristic listens on (e.g., "udp")
+
+  // Child heuristics (only valid for protocols)
+  vector<EnabledProtocolItem> heuristics;  // heuristic dissectors belonging to this protocol
+};
+
 // globals
 
 bool wg_init();
@@ -259,6 +304,15 @@ vector<PrefData> wg_list_preferences(string module_name);
 string wg_get_upload_dir();
 string wg_get_plugins_dir();
 
+// Protocol enable/disable functions
+vector<ProtocolInfo> wg_list_protocols();
+bool wg_set_protocol_enabled(int proto_id, bool enabled);
+bool wg_set_protocol_enabled_by_name(string proto_name, bool enabled);
+
+// Heuristic dissector enable/disable functions
+vector<HeuristicInfo> wg_list_heuristic_dissectors();
+bool wg_set_heuristic_enabled(string short_name, bool enabled);
+
 class DissectSession {
 private:
   string path;
@@ -277,4 +331,4 @@ class DissectSession {
   ~DissectSession();
 };
 
-#endif
+#endif
\ No newline at end of file
diff --git a/samples/nr.pcapng b/samples/nr.pcapng
new file mode 100644
index 0000000000000000000000000000000000000000..b7c5bfb6731fd47086e8a1a168151906c1c2581d
GIT binary patch
literal 12300
zcmd^_30xD`_Q%gmR!9h8Z!Jq$L{L<uf`BYRM5EMJMZm4HSTVR2Q7ToGA&5|_6cPQS
zpn%UJTC@=t(DGz(L;X`lMXg#Dg;sqoAfgtL`tD7LFOR0L^pmvj|F8Gs{UkF??zz8n
zzUR!`JL(%4=vxB7IG+K12=w`?yWw;AScLj1)N#{8XY`a`73Wod$Dg?M{5u<+TZ}sX
z`?RDf7V;aW!IRK;+|?Twf&fMhTqFju5kNBf0q%E7`Wb@T&zt5)%^bKOo&*L72^_{F
zFd_(}Z1i(uVBMsI)5Q$2q-v!v!^__d+rl>MQCHa%+F1t6(J}7oO<{AZMw?l`v}sHb
z=8XV`KK?W?(J)*dRfRnS;75SJFQ>DqG{5$%b3YV(?OYf?m^EhYv#8GG=0kb!7hG#^
z?Q96s%L+)@oO6}gl{nf9=BEGetS`^kv^$xxU$7?Juc*kR3Vch?ls~Kuntjo|X>sG7
z>zi!aB}HSf4y@-p)Kz+<!>ocU&@t}nO`&IpMm_6a>migrYyl<_01Pyyzxoh=+IOs{
zr!LQZ5*_H$N4nf;G`vgN2edv7Vqp5+{QHvIi-Oa}*b;l(qN=KzNt1V*-Paezf!Xt2
z-fPMZEQ>_f>%<c(UF!VFKij7@e=UIc!{PD;M7e+1@S%G%y&NJs&X(oH6ePtnbHA?U
zSRJUZYrb{uWOTaI-qYL!qpp<aN3P#}%zt*zZgk?@*&VIMKVNKr_uCM+3ZFKETgOZM
z7}Eom2kKq2D|@i#=)BSUwjOT~9`=3J$!@BDX-vld{PTCU7c}vg5$+SJC4b1<O8!Wl
zcpXRY_ccv%I{ArDD6SE>tGC}%Ctl$=+0X<K-unLFl9|Vu{jg@)y2F>F$-{N;KRBxx
zR~f^D^=Cq@iJ;<HyivZjPHh|d_;q!7U)%Mff>n2)t{*-_{?&ses|S1JM^)u+lbbIH
zwVJl%TEp6d7q3md9x&GW$9sh<&aKYAbJw(OakOBWrZ@>dl<FW(%6vkCoD}&aLiyxb
z6Y%u(z<v({zZ)_zU1%?MAjzxsOA@}!Myci%{6Mn*3XOH@qOxd;lV@y$wsAtUQ{)rb
zoljL?e`E5zv1n|Tox`c5V`r+jPs`M^aNXpwl_l#MyI@?*@r_&G?;5s{@z&LEzxTb}
zkGV6UD{9k<bxoBq57rj^BhcgWgr}+Lt9|B&UAS2qb=0(uJu-<GY?8CT<k78-nGr{G
z4FanDEIQ)Z=QYJCQji*>Z9Z9b=MzIGUdPe<eN9uG@+POoXqiu7iQ^=qNg%!Tt6{)~
z49iu03MvBlr^iRMl_efpFq*>iR3=ocB)rTpwDd$~d!+r&##Ucm|I+Nx=j&c(hQ-x(
zO+MtdX~W$?<E2i;O>TokF{G(Dwdwx0c}`IWO;0qP5?si5cFDD&Zsod!RkrVjJ8Oy)
z_lMm&h!f5yYb>b0>|=UqP1#E@q<KYR(F}p5BaN~PHC-eQ9!En{#R-3^o+qeb@66Vg
zKkIJ(n1AHtHRw^DQt85RQ|XerTh7*&KPzROKzH8vXa+F6Mb)JKkpBCT%E7}a<|f%^
z#j<Q3+387{`h%#FVpD5B<t8Rmz(w;Aa)GiS5<M+afLaaIApnUpMNxRlN?<?S8Pe&R
zeUNe(bDp2;X_GeWUa|iQ+HL!ihImc<W#onHAWnS59}jDB;0oL5&-4C3*s#(bO%*3~
z{^}?0(^{8JH-D`EL;PhA+^;o%)=K`EK<Lv<V7fqi1mUctr{&|Uk>4)rSi3y-qm7#j
zZtNVFSHqB>+x&yUiMbbt1s`$0))hFz!8IuD!Im5AJIp(G46*lGek^}ZK*u(}w(y}J
zgCWcQ#s0<DeT+YMh<H2g#l66%4AEu(z!|YNm7JxT`171qrGq%J5Pw3f#g!yP1ThrW
zf4pnNp9Z0dKlM7{S{y9Zwoce6<HQ0&n#}^1L?*iPLdpcQ3zsOG0=bhOGfxih^+}P<
zOBEy?wH`0`bR>w3#`ytzhE2BTN<{(Z3G-=={a2;?*?%EEEAMy0>k0qU5p-i*>vXW7
zIlyWKORAAE3t&82JilYIU*_s-h*kosIH~Iyzc*9|dQ1o+Ue1D;RWhcP$Y@r1bg6XF
zZO?XoCz&*}(6u(#MZhs+(clAdU<d>)-~`D3#^|*cXhb61Wv)F(SLvBY{;Q5xGIONw
zp<~?D8-6Y){WPt2$^Ng`yUINS5CMk>APtb9hJP18Bq0G2SO6>F@jJ@--zJPvEMzzq
zZ{4XI@&k{Na+EHl0XVJ5z9pKwjW9tmcWaSRU*s7l<eA4=%D7tk=yjp1lEp{>9#mfa
z8%`;J5ENij6kt3s`)O|nZk^fd*%AmB<Y~>beTip_x?;AiCcPdMdOs+q_k+6shnaR!
zXr_^hnS!w9SUoyi?K2MejufDpViF)esm~mkmE;++ecqy5Ux<qYOa{=A`V<Yc1SmR*
z4`Kj>0*Hlxev28ydl2|j^~@lt8W4*)!(F}o9@cCTYs9%m7I_^F!bKyqku@fWfuux0
zP(px4^msrq(enVhzzJPo&T1<uFOj>+J<4O`=JJVhJ9$j`26<SyM@l66X?cze!0ohz
z3q-K96GGW#8%2Rbc@Fw{IX=w@b{2`iP;q)BK20dDW+_fvpwlzfhfXZr85%xzYpG?Z
zV`kBiN#^}ig2qdChL}liQyH{dinu7w(^SA=q|iliPRL0FL<&VBCQxX;LfAN^B@1tJ
zITwc(o;dL+c+u$W=d(?(H!yjuW}6f5cYIXCVUe?L867u&q<32uJ2)ljy!|s~YDJkY
zpUGc6{7zPT^@{6~mMGKse8+1qxW=K)gMJ$Rc->|}P5HgEyVLeYu<KUmY<_#q%Y}W{
z7cN@5Y0H|lAbUFUWwH11zU3_op5IHKS}t8UW!c8vQ?HF!fARQ0cI|O)I@x9Q)Fr}h
z$-|t9Q?@tG%GWEYkG;HQO|4)3_xy>B>{n?C6AC7#e$keEBq{pBqstzbOe-F5OT1FL
z$L?UA<I2F{d&Ij6WAn?sg7PCh6Wc$PPM_XCA$@-2bF0cDCI%-3Uwz#^U&WgGbI)Cg
zORTof-L_zW?xzfd*q?R_RZk1Wz9i0}j}XP^pJI>K=~KVh0Ca%6dc!$HysN2R6E?5w
zwQ_$FY{3xeYNye?lysg1oLs_7#Nr+`b_G{cM+(><+{AmY+4T)Vlg}x0up9hg7RmPm
zLrT1clL8<MaCIvZ`oC&K7m0v<J3|aY@-zY2V&JCOkGwd>9TfpC7lcHSi2UT#OyYZv
zebDUB0LV>3v^1M+DUzM4ky(Ogt^f$br6_+XV2DOBS->Z#NVlTMw=!i#&`5&)NSHJN
z-;=vr5SIioy4VyY4p{;)Xa!k(e>X|2fDr_-1bA)aPgBqp$DlH05=Vp%klV~ig0LkC
zm_aymc+0Q<B9Pd(*vEKp8@m+mqXRK*4&Fn@UA-yxs(QDN4)(ZCVRQ(6iVbXi*w!y~
zfnpck-xk~IY4feYB|5N)_U_Hl{f^_!@+T&QbRD9q!ItV6Ghmm$%BCk0snVG@zhsUX
zI>24MDOloYVhNt~WXS;-iX7qomvTgX-hae*?601&I%)aMJZ<^thxstd<|-DmOt{f7
zKrZwx4fiF~-m~DCsbb|B$(gUcO~i*Dx<49<ledP9#`heaU`tC>-UP{JO?<@d<jmKW
z52tQE^#0;}sOMGXw8aV9`ppCITF#wDwFAFvnKCo5DH6SM$%wWCy+#4>iwtOX5w}r4
zk}WwV{ZYanIVf&rtVjg;Lswq?MUnd>5<|-|Re6QiBr3)$3HU^gj&WCSin`mocZuMk
zTq|<WE|5QZ#d2zIt=Aym+B+j`7N%9qaW$Xoo^Y~!?&Jr1n&UQq<~#W9%@a1}wn*8n
zH{*??XS7-zNXf{G|0(v;r4h64t{cwzGOzl6a^B@{=hd!ok=i#c_}heMcJ8rJ%#B~{
zo7DDn@hvLMg>djKbDCrkgmv_+6XP3_cW9flYm{|D554?FuXTRAPL$@=>A<F<PUxXJ
zvE$0}JGf4qIr7efalYARahmEx<L$Z~+VY;&T_^Pa;&lT1PsO`*Y2c6A^6^B;hd$`{
zjt}wjY#rEC@S%_R=%;rh1oQFwox3JJJo~QwQCmLRyZPX~A$&|n&!M7S9D6PKAf_n!
z-~sQ~`B2@vu+5W0L+!PU6*09tR{S?8R+M*`4q~OqD;~<L$urM=gY&BX1H;FC@<lBN
zRe6O!as9xtYFv3CLR&tnm3;7l-#b3!?xIL-`JlV`FnELbki>~1wU3p84?f~!>C%iM
z%m?-K#ljubgk#B?_@D<C7HDac?5pI%01SSe4{Te-q}1=e4s0rP8X%nqhF`bDI**?j
z^<~tv#I>*UK)q&(YVQ|l$t3C6&7|NBVlw0EoGaS$@wt)@0SJDb5A|44yDP3}8>`jb
zu`+yvV&yrkQU|e8<dp#B)f0c?OE|Amj=DU|Ik?VkU(fpSA-caz4jX2!Egz4Sd>Eql
zSiiY`!8T!bst#-_bRwJL({{<3Sm(2{uX2j5I<uasbgG!dHe0<`nrq8sTQ`%!zc`bs
z^*Z*OkUVUm<$9fbg4gTzG<px>&G#pS!xxQ6@dvxr6sv<sa!CPEG)xy$m)JWup!IyP
zls(io?Ci$VR-8GbWml~W<$d;y+Wz-=i&Ob+Gpd#an$43xydRz`4%%`cBt0-j@_eLW
zGwpGA_tby9{XbK}n^&FZHSCRUHnq+j`zTShURUR!a^_(RZ8>P~{=X7Ne{l}f{YJN*
f(t+RbeisjKUJH#W$z`i8{~va-P)+M)!~XgwOBe^S

literal 0
HcmV?d00001

diff --git a/src/index.test.ts b/src/index.test.ts
index 618793d..baa006f 100644
--- a/src/index.test.ts
+++ b/src/index.test.ts
@@ -946,6 +946,117 @@ describe("Wiregasm Library - Reloading Lua Plugins", () => {
   });
 });
 
+describe("Wiregasm Library - Heuristic Dissectors", () => {
+  const wg = new Wiregasm();
+
+  beforeAll(async () => {
+    return wg.init(loadWiregasm, await buildCompressedOverrides());
+  });
+
+  afterAll(() => {
+    wg.destroy();
+  });
+
+  test("list heuristic dissectors works", async () => {
+    const heuristics = wg.list_heuristic_dissectors();
+    expect(heuristics.length).toBeGreaterThan(0);
+
+    // Find mac_nr_udp heuristic
+    const macNrUdp = heuristics.find((h) => h.short_name === "mac_nr_udp");
+    expect(macNrUdp).toBeDefined();
+    expect(macNrUdp?.display_name).toBe("MAC-NR over UDP");
+    expect(macNrUdp?.list_name).toBe("udp");
+    expect(macNrUdp?.enabled_by_default).toBe(false);
+  });
+
+  test("list protocols works", async () => {
+    const protocols = wg.list_protocols();
+    expect(protocols.length).toBeGreaterThan(0);
+
+    // Find MAC-NR protocol
+    const macNr = protocols.find((p) => p.name === "mac-nr");
+    expect(macNr).toBeDefined();
+    expect(macNr?.long_name).toContain("MAC");
+  });
+
+  test("enable/disable heuristic dissector works", async () => {
+    // Check initial state
+    let heuristics = wg.list_heuristic_dissectors();
+    let macNrUdp = heuristics.find((h) => h.short_name === "mac_nr_udp");
+    expect(macNrUdp?.enabled).toBe(false);
+
+    // Enable the heuristic
+    const result = wg.set_heuristic_enabled("mac_nr_udp", true);
+    expect(result).toBe(true);
+
+    // Verify it's enabled
+    heuristics = wg.list_heuristic_dissectors();
+    macNrUdp = heuristics.find((h) => h.short_name === "mac_nr_udp");
+    expect(macNrUdp?.enabled).toBe(true);
+
+    // Disable it again
+    wg.set_heuristic_enabled("mac_nr_udp", false);
+    heuristics = wg.list_heuristic_dissectors();
+    macNrUdp = heuristics.find((h) => h.short_name === "mac_nr_udp");
+    expect(macNrUdp?.enabled).toBe(false);
+  });
+
+  test("mac_nr_udp heuristic dissector decodes NR pcap correctly", async () => {
+    // Enable the mac_nr_udp heuristic before loading
+    wg.set_heuristic_enabled("mac_nr_udp", true);
+
+    // Load the NR capture file
+    const data = await fs.readFile("samples/nr.pcapng");
+    const ret = wg.load("nr.pcapng", data);
+    expect(ret.code).toEqual(0);
+
+    // Get the first frame and check if MAC-NR is detected
+    const frame = wg.frame(1);
+    expect(frame.number).toEqual(1);
+
+    // Find the MAC-NR protocol in the tree
+    let foundMacNr = false;
+    for (let i = 0; i < frame.tree.size(); i++) {
+      const tree = frame.tree.get(i);
+      if (tree.label.includes("MAC-NR")) {
+        foundMacNr = true;
+        break;
+      }
+    }
+
+    expect(foundMacNr).toBe(true);
+
+    // Disable the heuristic for cleanup
+    wg.set_heuristic_enabled("mac_nr_udp", false);
+  });
+
+  test("without heuristic enabled, MAC-NR is not detected", async () => {
+    // Make sure heuristic is disabled
+    wg.set_heuristic_enabled("mac_nr_udp", false);
+
+    // Load the NR capture file
+    const data = await fs.readFile("samples/nr.pcapng");
+    const ret = wg.load("nr2.pcapng", data);
+    expect(ret.code).toEqual(0);
+
+    // Get the first frame
+    const frame = wg.frame(1);
+    expect(frame.number).toEqual(1);
+
+    // MAC-NR should NOT be in the tree (only UDP)
+    let foundMacNr = false;
+    for (let i = 0; i < frame.tree.size(); i++) {
+      const tree = frame.tree.get(i);
+      if (tree.label.includes("MAC-NR")) {
+        foundMacNr = true;
+        break;
+      }
+    }
+
+    expect(foundMacNr).toBe(false);
+  });
+});
+
 describe("Wiregasm Library - IoGraph", () => {
   const wg = new Wiregasm();
 
diff --git a/src/index.ts b/src/index.ts
index 2cd94eb..4c31495 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -7,11 +7,13 @@ import {
   Follow,
   Frame,
   FramesResponse,
+  HeuristicInfo,
   LoadResponse,
   MapInput,
   Pref,
   PrefModule,
   PrefSetResult,
+  ProtocolInfo,
   TapConvResponse,
   TapExportObjectResponse,
   TapResponse,
@@ -287,6 +289,63 @@ export class Wiregasm {
   is_conv_tap(tap: any): tap is TapConvResponse {
     return tap instanceof this.lib.TapConvResponse;
   }
+
+  // Protocol enable/disable methods
+
+  /**
+   * List all registered protocols
+   *
+   * @returns Array of all protocols with their enabled state
+   */
+  list_protocols(): ProtocolInfo[] {
+    const vec = this.lib.listProtocols();
+    return vectorToArray(vec);
+  }
+
+  /**
+   * Enable or disable a protocol by its ID
+   *
+   * @param protoId Protocol ID
+   * @param enabled Whether to enable or disable the protocol
+   * @returns true if successful, false otherwise
+   */
+  set_protocol_enabled(protoId: number, enabled: boolean): boolean {
+    return this.lib.setProtocolEnabled(protoId, enabled);
+  }
+
+  /**
+   * Enable or disable a protocol by its filter name
+   *
+   * @param protoName Protocol filter name (e.g., "tcp", "udp")
+   * @param enabled Whether to enable or disable the protocol
+   * @returns true if successful, false otherwise
+   */
+  set_protocol_enabled_by_name(protoName: string, enabled: boolean): boolean {
+    return this.lib.setProtocolEnabledByName(protoName, enabled);
+  }
+
+  // Heuristic dissector enable/disable methods
+
+  /**
+   * List all registered heuristic dissectors
+   *
+   * @returns Array of all heuristic dissectors with their enabled state
+   */
+  list_heuristic_dissectors(): HeuristicInfo[] {
+    const vec = this.lib.listHeuristicDissectors();
+    return vectorToArray(vec);
+  }
+
+  /**
+   * Enable or disable a heuristic dissector by its unique short name
+   *
+   * @param shortName Unique short name of the heuristic dissector (e.g., "mac_nr_udp")
+   * @param enabled Whether to enable or disable the heuristic
+   * @returns true if successful, false otherwise
+   */
+  set_heuristic_enabled(shortName: string, enabled: boolean): boolean {
+    return this.lib.setHeuristicEnabled(shortName, enabled);
+  }
 }
 
 export * from "./types";
diff --git a/src/types.ts b/src/types.ts
index 3bc3ec6..442460d 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -244,6 +244,25 @@ export interface IoGraph {
   items: Vector<number>;
 }
 
+export interface ProtocolInfo {
+  id: number;
+  name: string;
+  long_name: string;
+  enabled: boolean;
+  enabled_by_default: boolean;
+  can_toggle: boolean;
+}
+
+export interface HeuristicInfo {
+  short_name: string;
+  display_name: string;
+  list_name: string;
+  protocol_name: string;
+  protocol_id: number; // protocol ID this heuristic belongs to (-1 if none)
+  enabled: boolean;
+  enabled_by_default: boolean;
+}
+
 export interface DissectSession {
   /**
    * Free up any memory used by the session
@@ -450,6 +469,51 @@ export interface WiregasmLib extends EmscriptenModule {
    * @param length Length of the data
    */
   upload(file_name: string, data_ptr: number, length: number): string;
+
+  // Protocol enable/disable functions
+
+  /**
+   * List all registered protocols
+   *
+   * @returns List of all protocols with their enabled state
+   */
+  listProtocols(): Vector<ProtocolInfo>;
+
+  /**
+   * Enable or disable a protocol by its ID
+   *
+   * @param protoId Protocol ID
+   * @param enabled Whether to enable or disable the protocol
+   * @returns true if successful, false otherwise
+   */
+  setProtocolEnabled(protoId: number, enabled: boolean): boolean;
+
+  /**
+   * Enable or disable a protocol by its filter name
+   *
+   * @param protoName Protocol filter name (e.g., "tcp", "udp")
+   * @param enabled Whether to enable or disable the protocol
+   * @returns true if successful, false otherwise
+   */
+  setProtocolEnabledByName(protoName: string, enabled: boolean): boolean;
+
+  // Heuristic dissector enable/disable functions
+
+  /**
+   * List all registered heuristic dissectors
+   *
+   * @returns List of all heuristic dissectors with their enabled state
+   */
+  listHeuristicDissectors(): Vector<HeuristicInfo>;
+
+  /**
+   * Enable or disable a heuristic dissector by its unique short name
+   *
+   * @param shortName Unique short name of the heuristic dissector (e.g., "mac_nr_udp")
+   * @param enabled Whether to enable or disable the heuristic
+   * @returns true if successful, false otherwise
+   */
+  setHeuristicEnabled(shortName: string, enabled: boolean): boolean;
 }
 
 export type WiregasmLoader = (