New tap extension to tethereal: ProtoColInfo

Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line.

Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO.
No worries, just add

-z proto,colinfo,nfs.fh.hash,nfs.fh.hash

as a parameter to tethereal.

Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line.

svn path=/trunk/; revision=6560

Makefile.am

@@ -1,7 +1,7 @@
 # Makefile.am
 # Automake file for Ethereal
 #
-# $Id: Makefile.am,v 1.517 2002/11/03 17:38:30 oabad Exp $
+# $Id: Makefile.am,v 1.518 2002/11/04 12:10:59 sahlberg Exp $
 #
 # Ethereal - Network traffic analyzer
 # By Gerald Combs <gerald@ethereal.com>
@@ -765,6 +765,7 @@ ethereal_static_LDFLAGS = -Wl,-static
 TETHEREAL_TAP_SRC = \
 	tap-dcerpcstat.c	\
 	tap-iostat.c		\
+	tap-protocolinfo.c	\
 	tap-protohierstat.c	\
 	tap-rpcstat.c		\
 	tap-rpcprogs.c

Makefile.nmake

@@ -1,7 +1,7 @@
 ## Makefile for building ethereal.exe with Microsoft C and nmake
 ## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
 #
-# $Id: Makefile.nmake,v 1.252 2002/11/02 22:23:16 sahlberg Exp $
+# $Id: Makefile.nmake,v 1.253 2002/11/04 12:10:59 sahlberg Exp $
 
 include config.nmake
 include <win32.mak>
@@ -326,6 +326,7 @@ DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj)
 TETHEREAL_TAP_SRC = \
 	tap-dcerpcstat.c	\
 	tap-iostat.c		\
+	tap-protocolinfo.c	\
 	tap-protohierstat.c	\
 	tap-rpcstat.c		\
 	tap-rpcprogs.c

doc/tethereal.pod.template

@@ -345,7 +345,36 @@ all filters and presented with one column of statistics for each filter.
 
 This option can be used multiple times on the command line. 
 
- 
+
+B<-z> proto,colinfo,I<filter>,I<field>
+
+Append all I<field> values for the packet to the COL_INFO information line.
+This feature can be used to append arbitrary fields to the COL_INFO line
+in addition to the normal content of the COL_INFO line.
+I<field> is the display-filter name of a field which value should be placed
+on the COL_INFO line.
+I<filter> is a filter string that controls for which packets the field value
+will be presented on COL_INFO line. I<field> will only be presented on the
+COL_INFO line for the packets which match I<filter>.
+
+NOTE: In order for I<tethereal> to be able to extract the I<field> value from
+the packet, I<field> MUST be part of the I<filter> string. If not, I<tethereal>
+will not be able to extract its value.
+
+For a simple example to add the "nfs.fh.hash" field to COL_INFO for all
+packets containing the "nfs.fh.hash" field, use
+
+B<-z proto,colinfo,nfs.fh.hash,nfs.fh.hash>
+
+
+To put "nfs.fh.hash" on COL_INFO but only for packets coming from host 1.2.3.4
+use :
+
+B<-z "proto,colinfo,nfs.fh.hash && ip.src==1.2.3.4,nfs.fh.hash">
+
+This option can be used multiple times on the command line. 
+
+
 B<-z> rpc,rtt,I<program>,I<version>[,I<filter>]
 
 Collect call/reply RTT data for I<program>/I<version>.  Data collected

tap-protocolinfo.c

@@ -0,0 +1,127 @@
+/* tap-protocolinfo.c
+ * protohierstat   2002 Ronnie Sahlberg
+ *
+ * $Id: tap-protocolinfo.c,v 1.1 2002/11/04 12:10:59 sahlberg Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@ethereal.com>
+ * Copyright 1998 Gerald Combs
+ * 
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ */
+
+/* This module provides Protocol Column Info tap for tethereal */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <string.h>
+#include "epan/epan_dissect.h"
+#include "epan/column-utils.h"
+#include "epan/proto.h"
+#include "tap.h"
+#include "register.h"
+
+typedef struct _pci_t {
+	char *filter;
+	int hf_index;
+} pci_t;
+
+
+static int
+protocolinfo_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, void *dummy _U_)
+{
+	pci_t *rs=prs;
+	GPtrArray *gp;
+	guint i;
+	char *str;
+
+	gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index);
+	if(!gp){
+		return 0;
+	}
+
+	for(i=0;i<gp->len;i++){
+		str=proto_alloc_dfilter_string(gp->pdata[i], NULL);
+		col_append_fstr(pinfo->cinfo, COL_INFO, "  %s",str);
+		g_free(str);
+	}
+	return 0;
+}
+
+
+
+static void
+protocolinfo_init(char *optarg)
+{
+	pci_t *rs;
+	char *field=NULL;
+	char *filter=NULL;
+	header_field_info *hfi;
+
+	if(!strncmp("proto,colinfo,",optarg,14)){
+		filter=optarg+14;
+		field=strchr(filter,',');
+		if(field){
+			field+=1;  /* skip the ',' */
+		}
+	}
+	if(!field){
+		fprintf(stderr, "tethereal: invalid \"-z proto,colinfo,<filter>,<field>\" argument\n");
+		exit(1);
+	}
+
+	hfi=proto_registrar_get_byname(field);
+	if(!hfi){
+		fprintf(stderr, "tethereal: Field \"%s\" does not exist.\n", field);
+		exit(1);
+	}
+
+	rs=g_malloc(sizeof(pci_t));
+	rs->hf_index=hfi->id;
+	if((field-filter)>1){
+		rs->filter=g_malloc(field-filter);
+		strncpy(rs->filter,filter,(field-filter)-1);
+		rs->filter[(field-filter)-1]=0;
+	} else {
+		rs->filter=NULL;
+	}
+
+	if(register_tap_listener("frame", rs, rs->filter, NULL, protocolinfo_packet, NULL)){
+		/* error, we failed to attach to the tap. clean up */
+		if(rs->filter){
+			g_free(rs->filter);
+		}
+		g_free(rs);
+
+		fprintf(stderr,"tethereal: protocolinfo_init() failed to attach to tap.\n");
+		exit(1);
+	}
+}
+
+
+void
+register_tap_listener_protocolinfo(void)
+{
+	register_ethereal_tap("proto,colinfo,", protocolinfo_init, NULL, NULL);
+}
+