2002-11-04 12:11:01 +00:00
|
|
|
/* tap-protocolinfo.c
|
|
|
|
* protohierstat 2002 Ronnie Sahlberg
|
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2002-11-04 12:11:01 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2010-09-23 06:08:19 +00:00
|
|
|
*
|
2002-11-04 12:11:01 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2010-09-23 06:08:19 +00:00
|
|
|
*
|
2002-11-04 12:11:01 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2010-09-23 06:08:19 +00:00
|
|
|
*
|
2002-11-04 12:11:01 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
2012-06-28 22:56:06 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2002-11-04 12:11:01 +00:00
|
|
|
*/
|
|
|
|
|
2006-05-31 17:38:42 +00:00
|
|
|
/* This module provides Protocol Column Info tap for tshark */
|
2002-11-04 12:11:01 +00:00
|
|
|
|
2012-09-20 01:29:52 +00:00
|
|
|
#include "config.h"
|
2002-11-04 12:11:01 +00:00
|
|
|
|
|
|
|
#include <stdio.h>
|
2013-11-10 15:59:37 +00:00
|
|
|
#include <stdlib.h>
|
2002-11-04 12:11:01 +00:00
|
|
|
#include <string.h>
|
2013-11-10 15:59:37 +00:00
|
|
|
|
2002-11-04 12:11:01 +00:00
|
|
|
#include "epan/epan_dissect.h"
|
|
|
|
#include "epan/column-utils.h"
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2014-11-14 18:51:40 +00:00
|
|
|
#include <epan/stat_tap_ui.h>
|
2002-11-04 12:11:01 +00:00
|
|
|
|
2013-11-14 06:21:02 +00:00
|
|
|
void register_tap_listener_protocolinfo(void);
|
|
|
|
|
2002-11-04 12:11:01 +00:00
|
|
|
typedef struct _pci_t {
|
|
|
|
char *filter;
|
|
|
|
int hf_index;
|
|
|
|
} pci_t;
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
2005-01-01 02:57:02 +00:00
|
|
|
protocolinfo_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, const void *dummy _U_)
|
2002-11-04 12:11:01 +00:00
|
|
|
{
|
2014-10-13 19:04:21 +00:00
|
|
|
pci_t *rs = (pci_t *)prs;
|
2002-11-04 12:11:01 +00:00
|
|
|
GPtrArray *gp;
|
|
|
|
guint i;
|
|
|
|
char *str;
|
|
|
|
|
2004-10-18 01:18:44 +00:00
|
|
|
/*
|
|
|
|
* XXX - there needs to be a way for "protocolinfo_init()" to
|
|
|
|
* find out whether the columns are being generated and, if not,
|
|
|
|
* to report an error and exit, as the whole point of this tap
|
|
|
|
* is to modify the columns, and if the columns aren't being
|
|
|
|
* displayed, that makes this tap somewhat pointless.
|
|
|
|
*
|
2009-01-13 20:37:28 +00:00
|
|
|
* To prevent a crash, we check whether INFO column is writable
|
|
|
|
* and, if not, we report that error and exit.
|
2004-10-18 01:18:44 +00:00
|
|
|
*/
|
2016-06-14 15:55:08 +00:00
|
|
|
if (!col_get_writable(pinfo->cinfo, COL_INFO)) {
|
2009-01-13 20:37:28 +00:00
|
|
|
fprintf(stderr, "tshark: the proto,colinfo tap doesn't work if the INFO column isn't being printed.\n");
|
2004-10-18 01:18:44 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
2014-10-13 19:04:21 +00:00
|
|
|
gp = proto_get_finfo_ptr_array(edt->tree, rs->hf_index);
|
|
|
|
if (!gp) {
|
2002-11-04 12:11:01 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
for (i=0; i<gp->len; i++) {
|
|
|
|
str = (char *)proto_construct_match_selected_string((field_info *)gp->pdata[i], NULL);
|
|
|
|
if (str) {
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " %s", str);
|
2015-01-17 02:47:48 +00:00
|
|
|
wmem_free(NULL, str);
|
Rename "proto_alloc_dfilter_string()" to
"proto_construct_dfilter_string()", to more accurately reflect what it
does.
Give it, and "proto_can_match_selected()", an "epan_dissect_t *"
argument, which replaces the raw data pointer argument to
"proto_construct_dfilter_string()".
For fields that don't have a type we can directly filter on, we don't
support filtering on the field as raw data if:
the "epan_dissect_t *" argument is null;
the data source tvbuff for the field isn't the tvbuff for the
"epan_dissect_t" in question (i.e., it's in the result of a
reassembly, and "frame[N:M]" can't get at it).
Trim the length the raw data in the case of such a field to the length
of the tvbuff for the "epan_dissect_t" in question, so we don't go past
it. Fetch the raw data bytes to match from that tvbuff.
Have "proto_construct_dfilter_string()" return a null pointer if it
can't construct the filter string, and have "protocolinfo_packet()" in
the tap-protocolinfo tap ignore a field if
"proto_construct_dfilter_string()" can't construct a filter string for
it - and have it pass NULL as the "epan_dissect_t *", for now. If
somebody decides it makes sense to dump out a "frame[N:M] =" value for
non-registered fields, it can be changed to pass "edt".
svn path=/trunk/; revision=7635
2003-05-03 00:48:37 +00:00
|
|
|
}
|
2002-11-04 12:11:01 +00:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
2014-10-13 19:04:21 +00:00
|
|
|
protocolinfo_init(const char *opt_arg, void *userdata _U_)
|
2002-11-04 12:11:01 +00:00
|
|
|
{
|
|
|
|
pci_t *rs;
|
2014-10-13 19:04:21 +00:00
|
|
|
const char *field = NULL;
|
|
|
|
const char *filter = NULL;
|
2002-11-04 12:11:01 +00:00
|
|
|
header_field_info *hfi;
|
2016-06-19 09:01:56 +00:00
|
|
|
GString *error_string;
|
2002-11-04 12:11:01 +00:00
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
if (!strncmp("proto,colinfo,", opt_arg, 14)) {
|
|
|
|
filter = opt_arg+14;
|
|
|
|
field = strchr(filter, ',');
|
|
|
|
if (field) {
|
|
|
|
field += 1; /* skip the ',' */
|
2002-11-04 12:11:01 +00:00
|
|
|
}
|
|
|
|
}
|
2014-10-13 19:04:21 +00:00
|
|
|
if (!field) {
|
2006-05-31 17:38:42 +00:00
|
|
|
fprintf(stderr, "tshark: invalid \"-z proto,colinfo,<filter>,<field>\" argument\n");
|
2002-11-04 12:11:01 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
hfi = proto_registrar_get_byname(field);
|
|
|
|
if (!hfi) {
|
2006-05-31 17:38:42 +00:00
|
|
|
fprintf(stderr, "tshark: Field \"%s\" doesn't exist.\n", field);
|
2002-11-04 12:11:01 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
rs = g_new(pci_t, 1);
|
|
|
|
rs->hf_index = hfi->id;
|
|
|
|
if ((field-filter) > 1) {
|
|
|
|
rs->filter = (char *)g_malloc(field-filter);
|
|
|
|
g_strlcpy(rs->filter, filter, (field-filter));
|
2002-11-04 12:11:01 +00:00
|
|
|
} else {
|
2014-10-13 19:04:21 +00:00
|
|
|
rs->filter = NULL;
|
2002-11-04 12:11:01 +00:00
|
|
|
}
|
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
error_string = register_tap_listener("frame", rs, rs->filter, TL_REQUIRES_PROTO_TREE, NULL, protocolinfo_packet, NULL);
|
|
|
|
if (error_string) {
|
2003-04-23 08:20:06 +00:00
|
|
|
/* error, we failed to attach to the tap. complain and clean up */
|
2006-05-31 17:38:42 +00:00
|
|
|
fprintf(stderr, "tshark: Couldn't register proto,colinfo tap: %s\n",
|
2016-06-19 09:01:56 +00:00
|
|
|
error_string->str);
|
|
|
|
g_string_free(error_string, TRUE);
|
2009-03-15 18:08:46 +00:00
|
|
|
g_free(rs->filter);
|
2002-11-04 12:11:01 +00:00
|
|
|
g_free(rs);
|
|
|
|
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-11-14 18:42:26 +00:00
|
|
|
static stat_tap_ui protocolinfo_ui = {
|
2014-11-14 18:31:04 +00:00
|
|
|
REGISTER_STAT_GROUP_GENERIC,
|
|
|
|
NULL,
|
2014-11-14 20:05:31 +00:00
|
|
|
"proto,colinfo",
|
2014-11-14 18:31:04 +00:00
|
|
|
protocolinfo_init,
|
|
|
|
0,
|
|
|
|
NULL
|
|
|
|
};
|
2002-11-04 12:11:01 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
register_tap_listener_protocolinfo(void)
|
|
|
|
{
|
2014-11-14 18:42:26 +00:00
|
|
|
register_stat_tap_ui(&protocolinfo_ui, NULL);
|
2002-11-04 12:11:01 +00:00
|
|
|
}
|
|
|
|
|
2014-10-13 19:04:21 +00:00
|
|
|
/*
|
|
|
|
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
|
|
|
*
|
|
|
|
* Local variables:
|
|
|
|
* c-basic-offset: 8
|
|
|
|
* tab-width: 8
|
|
|
|
* indent-tabs-mode: t
|
|
|
|
* End:
|
|
|
|
*
|
|
|
|
* vi: set shiftwidth=8 tabstop=8 noexpandtab:
|
|
|
|
* :indentSize=8:tabSize=8:noTabs=false:
|
|
|
|
*/
|