forked from osmocom/wireshark
New tap extension to tethereal: ProtoColInfo
Using this command line option you canb now place any arbitrary display-filter fields on the COL_INFO line. Assume you want NFS dissector in tethereal to put ALL filehandle hashes (nfs.fh.hash) on COL_INFO. No worries, just add -z proto,colinfo,nfs.fh.hash,nfs.fh.hash as a parameter to tethereal. Never again do you need to hack tethereal and recompile just because you want some extra info on the COL_INFO line. svn path=/trunk/; revision=6560
This commit is contained in:
parent
cee6c74482
commit
7775a0bec5
|
@ -1,7 +1,7 @@
|
|||
# Makefile.am
|
||||
# Automake file for Ethereal
|
||||
#
|
||||
# $Id: Makefile.am,v 1.517 2002/11/03 17:38:30 oabad Exp $
|
||||
# $Id: Makefile.am,v 1.518 2002/11/04 12:10:59 sahlberg Exp $
|
||||
#
|
||||
# Ethereal - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@ethereal.com>
|
||||
|
@ -765,6 +765,7 @@ ethereal_static_LDFLAGS = -Wl,-static
|
|||
TETHEREAL_TAP_SRC = \
|
||||
tap-dcerpcstat.c \
|
||||
tap-iostat.c \
|
||||
tap-protocolinfo.c \
|
||||
tap-protohierstat.c \
|
||||
tap-rpcstat.c \
|
||||
tap-rpcprogs.c
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
## Makefile for building ethereal.exe with Microsoft C and nmake
|
||||
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
|
||||
#
|
||||
# $Id: Makefile.nmake,v 1.252 2002/11/02 22:23:16 sahlberg Exp $
|
||||
# $Id: Makefile.nmake,v 1.253 2002/11/04 12:10:59 sahlberg Exp $
|
||||
|
||||
include config.nmake
|
||||
include <win32.mak>
|
||||
|
@ -326,6 +326,7 @@ DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj)
|
|||
TETHEREAL_TAP_SRC = \
|
||||
tap-dcerpcstat.c \
|
||||
tap-iostat.c \
|
||||
tap-protocolinfo.c \
|
||||
tap-protohierstat.c \
|
||||
tap-rpcstat.c \
|
||||
tap-rpcprogs.c
|
||||
|
|
|
@ -345,7 +345,36 @@ all filters and presented with one column of statistics for each filter.
|
|||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
||||
|
||||
B<-z> proto,colinfo,I<filter>,I<field>
|
||||
|
||||
Append all I<field> values for the packet to the COL_INFO information line.
|
||||
This feature can be used to append arbitrary fields to the COL_INFO line
|
||||
in addition to the normal content of the COL_INFO line.
|
||||
I<field> is the display-filter name of a field which value should be placed
|
||||
on the COL_INFO line.
|
||||
I<filter> is a filter string that controls for which packets the field value
|
||||
will be presented on COL_INFO line. I<field> will only be presented on the
|
||||
COL_INFO line for the packets which match I<filter>.
|
||||
|
||||
NOTE: In order for I<tethereal> to be able to extract the I<field> value from
|
||||
the packet, I<field> MUST be part of the I<filter> string. If not, I<tethereal>
|
||||
will not be able to extract its value.
|
||||
|
||||
For a simple example to add the "nfs.fh.hash" field to COL_INFO for all
|
||||
packets containing the "nfs.fh.hash" field, use
|
||||
|
||||
B<-z proto,colinfo,nfs.fh.hash,nfs.fh.hash>
|
||||
|
||||
|
||||
To put "nfs.fh.hash" on COL_INFO but only for packets coming from host 1.2.3.4
|
||||
use :
|
||||
|
||||
B<-z "proto,colinfo,nfs.fh.hash && ip.src==1.2.3.4,nfs.fh.hash">
|
||||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
||||
B<-z> rpc,rtt,I<program>,I<version>[,I<filter>]
|
||||
|
||||
Collect call/reply RTT data for I<program>/I<version>. Data collected
|
||||
|
|
|
@ -0,0 +1,127 @@
|
|||
/* tap-protocolinfo.c
|
||||
* protohierstat 2002 Ronnie Sahlberg
|
||||
*
|
||||
* $Id: tap-protocolinfo.c,v 1.1 2002/11/04 12:10:59 sahlberg Exp $
|
||||
*
|
||||
* Ethereal - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@ethereal.com>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/* This module provides Protocol Column Info tap for tethereal */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include "config.h"
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef HAVE_SYS_TYPES_H
|
||||
# include <sys/types.h>
|
||||
#endif
|
||||
|
||||
#include <string.h>
|
||||
#include "epan/epan_dissect.h"
|
||||
#include "epan/column-utils.h"
|
||||
#include "epan/proto.h"
|
||||
#include "tap.h"
|
||||
#include "register.h"
|
||||
|
||||
typedef struct _pci_t {
|
||||
char *filter;
|
||||
int hf_index;
|
||||
} pci_t;
|
||||
|
||||
|
||||
static int
|
||||
protocolinfo_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, void *dummy _U_)
|
||||
{
|
||||
pci_t *rs=prs;
|
||||
GPtrArray *gp;
|
||||
guint i;
|
||||
char *str;
|
||||
|
||||
gp=proto_get_finfo_ptr_array(edt->tree, rs->hf_index);
|
||||
if(!gp){
|
||||
return 0;
|
||||
}
|
||||
|
||||
for(i=0;i<gp->len;i++){
|
||||
str=proto_alloc_dfilter_string(gp->pdata[i], NULL);
|
||||
col_append_fstr(pinfo->cinfo, COL_INFO, " %s",str);
|
||||
g_free(str);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
static void
|
||||
protocolinfo_init(char *optarg)
|
||||
{
|
||||
pci_t *rs;
|
||||
char *field=NULL;
|
||||
char *filter=NULL;
|
||||
header_field_info *hfi;
|
||||
|
||||
if(!strncmp("proto,colinfo,",optarg,14)){
|
||||
filter=optarg+14;
|
||||
field=strchr(filter,',');
|
||||
if(field){
|
||||
field+=1; /* skip the ',' */
|
||||
}
|
||||
}
|
||||
if(!field){
|
||||
fprintf(stderr, "tethereal: invalid \"-z proto,colinfo,<filter>,<field>\" argument\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
hfi=proto_registrar_get_byname(field);
|
||||
if(!hfi){
|
||||
fprintf(stderr, "tethereal: Field \"%s\" does not exist.\n", field);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
rs=g_malloc(sizeof(pci_t));
|
||||
rs->hf_index=hfi->id;
|
||||
if((field-filter)>1){
|
||||
rs->filter=g_malloc(field-filter);
|
||||
strncpy(rs->filter,filter,(field-filter)-1);
|
||||
rs->filter[(field-filter)-1]=0;
|
||||
} else {
|
||||
rs->filter=NULL;
|
||||
}
|
||||
|
||||
if(register_tap_listener("frame", rs, rs->filter, NULL, protocolinfo_packet, NULL)){
|
||||
/* error, we failed to attach to the tap. clean up */
|
||||
if(rs->filter){
|
||||
g_free(rs->filter);
|
||||
}
|
||||
g_free(rs);
|
||||
|
||||
fprintf(stderr,"tethereal: protocolinfo_init() failed to attach to tap.\n");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
register_tap_listener_protocolinfo(void)
|
||||
{
|
||||
register_ethereal_tap("proto,colinfo,", protocolinfo_init, NULL, NULL);
|
||||
}
|
||||
|
Loading…
Reference in New Issue