From Dirk Jagdmann via bug 5875:

My attachment adds a link to a XSLT file to the preamble of the PDML.
The XSLT will transform the PDML to a HTML page, and the HTML page
features a look similar to Wireshark. See
http://cubic.org/~doj/ebay/a.pdml for an example.

The patch also contains a small perl program which converts the
Wireshark colortable into javascript code which is used in the XSLT
file. If you want to use a different color scheme you would execute the
perl program and insert the generated javascript function into your XSLT
file.

To view the HTML you could either place the PDML and XSLT file on your
webserver and verify that your webserver sends the PDML file as
"text/xml".  Then your webbrowser will find the linked XSLT file,
download that as well and convert the PDML to HTML on the fly.

You could also use an XSLT processor like xsltproc to convert the PDML
and XSLT into a static HTML file.


From me:

Minor fixups.

svn path=/trunk/; revision=37298

CMakeLists.txt

@@ -604,6 +604,7 @@ set(INSTALL_FILES
 	ipmap.html
 	manuf
 	${CMAKE_BINARY_DIR}/mergecap.html
+	pdml2html.xsl
 	${CMAKE_BINARY_DIR}/randpkt.html
 	${CMAKE_BINARY_DIR}/rawshark.html
 	services

Makefile.am

@@ -61,7 +61,7 @@ idl2wrs: tools/idl2wrs.sh Makefile
 # Wireshark configuration files are put in $(pkgdatadir).
 #
 pkgdata_DATA = COPYING manuf services cfilters colorfilters dfilters \
-	smi_modules ipmap.html
+	smi_modules ipmap.html pdml2html.xsl
 
 #
 # Install the Diameter DTD and XML files in the "diameter" subdirectory

Makefile.nmake

@@ -960,6 +960,7 @@ install-generated-files:
 	xcopy "doc\AUTHORS-SHORT" $(INSTALL_DIR) /d
 	xcopy ".\manuf" $(INSTALL_DIR) /d
 	xcopy ".\services" $(INSTALL_DIR) /d
+	xcopy ".\pdml2html.xsl" $(INSTALL_DIR) /d
 	$(TEXTIFY) "./COPYING" $(INSTALL_DIR)
 	$(TEXTIFY) "./NEWS" $(INSTALL_DIR)
 	$(TEXTIFY) "./README" $(INSTALL_DIR)

file.c

@@ -2489,7 +2489,7 @@ cf_write_pdml_packets(capture_file *cf, print_args_t *print_args)
   if (fh == NULL)
     return CF_PRINT_OPEN_ERROR; /* attempt to open destination failed */
 
-  write_pdml_preamble(fh);
+  write_pdml_preamble(fh, cf->filename);
   if (ferror(fh)) {
     fclose(fh);
     return CF_PRINT_WRITE_ERROR;

packaging/nsis/wireshark.nsi

@@ -427,6 +427,7 @@ File "..\..\wireshark-gtk2\README.windows.txt"
 File "..\..\doc\AUTHORS-SHORT"
 File "..\..\manuf"
 File "..\..\services"
+File "..\..\pdml2html.xsl"
 File "..\..\doc\ws.css"
 File "..\..\doc\wireshark.html"
 File "..\..\doc\wireshark-filter.html"
@@ -1107,6 +1108,7 @@ Delete "$INSTDIR\README*"
 Delete "$INSTDIR\NEWS.txt"
 Delete "$INSTDIR\manuf"
 Delete "$INSTDIR\services"
+Delete "$INSTDIR\pdml2html.xsl"
 Delete "$INSTDIR\pcrepattern.3.txt"
 Delete "$INSTDIR\user-guide.chm"
 Delete "$INSTDIR\example_snmp_users_file"

pdml2html.xsl

@@ -0,0 +1,211 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<!-- This XSLT will convert a PDML file, saved by Wireshark, into
+     HTML. The HTML page should look like Wireshark. For questions contact
+     Dirk Jagdmann (doj@cubic.org).
+     Version: 2010-06-09 -->
+
+<!-- set parameters of the HTML output -->
+<xsl:output method="html" encoding="UTF-8" omit-xml-declaration="no" standalone="yes" indent="yes"/>
+
+<!-- this matches the "field" tag -->
+<xsl:template match="field">
+  &#160;&#160;&#160; <!-- indent with 3 non-breaking spaces -->
+
+  <!-- output either the "showname" or "show" attribute -->
+  <xsl:choose>
+    <xsl:when test="string-length(@showname)>0">
+      <xsl:value-of select="@showname"/><br/>
+    </xsl:when>
+    <xsl:otherwise>
+      <!--<xsl:value-of select="@name"/>:--> <xsl:value-of select="@show"/><br/>
+    </xsl:otherwise>
+  </xsl:choose>
+
+  <xsl:apply-templates/> <!-- we expect to match "field" tags -->
+</xsl:template>
+
+<!-- this matches the "packet" tag -->
+<xsl:template match="packet">
+
+  <!-- declare some variables for later use -->
+  <xsl:variable name="frame_num" select="proto[@name='frame']/field[@name='frame.number']/@show"/>
+  <xsl:variable name="frame_id"  select="concat('f',$frame_num)"/>
+  <xsl:variable name="frame_c"   select="concat($frame_id,'c')"/>
+
+  <!-- the "title" bar of the frame -->
+  <div width="100%" id="{$frame_id}">
+    <a href="javascript:toggle_node('{$frame_c}')">&#8658;</a> <!-- #8658 is a "rArr" (double right arrow) character -->
+    Frame <xsl:value-of select="$frame_num"/>:
+    <xsl:for-each select="proto[@name!='geninfo']">
+      <xsl:value-of select="@name"/>,
+    </xsl:for-each>
+    <small><a href="javascript:hide_node('{$frame_id}')">[X]</a></small>
+  </div>
+
+  <!-- the frame contents are stored in a div, so we can toggle it -->
+  <div width="100%" id="{$frame_c}" style="display:none">
+    <!-- loop trough all proto tags, but skip the "geninfo" one -->
+    <xsl:for-each select="proto[@name!='geninfo']">
+
+      <xsl:variable name="proto" select="concat($frame_id,@name)"/>
+
+      <!-- the "title" bar of the proto -->
+      <div width="100%" style="background-color:#e5e5e5; margin-bottom: 2px">
+        &#160;<a href="javascript:toggle_node('{$proto}')">&#8658;</a>&#160;<xsl:value-of select="@showname"/>
+
+        <!-- print "proto" details inside another div -->
+        <div width="100%" id="{$proto}" style="display:none">
+         <xsl:apply-templates/> <!-- we expect to match "field" tags -->
+        </div>
+      </div>
+    </xsl:for-each>
+  </div>
+
+  <!-- use the javascript function set_node_color() to set the color
+       of the frame title bar. Defer colorization until the full page has
+       been loaded. If the browser would support the XPath function
+       replace() we could simply set the class attribute of the title bar div,
+       but for now we're stuck with class names from Wireshark's colorfilters
+       that contain spaces and we can't handle them in CSS. -->
+  <script type="text/javascript">
+    dojo.addOnLoad(function(){
+      set_node_color(
+        '<xsl:value-of select="$frame_id"/>',
+        '<xsl:value-of select="proto[@name='frame']/field[@name='frame.coloring_rule.name']/@show"/>'
+      );
+    });
+  </script>
+</xsl:template>
+
+<xsl:template match="pdml">
+  Capture Filename: <b><xsl:value-of select="@capture_file"/></b>
+  PDML created: <b><xsl:value-of select="@time"/></b>
+  <tt>
+    <xsl:apply-templates/> <!-- we expect to match the "packet" nodes -->
+  </tt>
+</xsl:template>
+
+<!-- this block matches the start of the PDML file -->
+<xsl:template match="/">
+  <html>
+  <head>
+    <title>poor man's Wireshark</title>
+    <script src="http://ajax.googleapis.com/ajax/libs/dojo/1.4/dojo/dojo.xd.js" type="text/javascript"></script>
+    <script type="text/javascript">
+function set_node(node, str)
+{
+  if(dojo.isString(node))
+    node = dojo.byId(node);
+  if(!node) return;
+  node.style.display = str;
+}
+function toggle_node(node)
+{
+  if(dojo.isString(node))
+    node = dojo.byId(node);
+  if(!node) return;
+  set_node(node, (node.style.display != 'none') ? 'none' : 'block');
+}
+function hide_node(node)
+{
+  set_node(node, 'none');
+}
+// this function was generated by colorfilters2js.pl
+function set_node_color(node,colorname)
+{
+  if(dojo.isString(node))
+    node = dojo.byId(node);
+  if(!node) return;
+  var fg;
+  var bg;
+  if(colorname == 'Bad TCP') {
+    bg='#000000';
+    fg='#ff5f5f';
+  }
+  if(colorname == 'HSRP State Change') {
+    bg='#000000';
+    fg='#fff600';
+  }
+  if(colorname == 'Spanning Tree Topology  Change') {
+    bg='#000000';
+    fg='#fff600';
+  }
+  if(colorname == 'OSPF State Change') {
+    bg='#000000';
+    fg='#fff600';
+  }
+  if(colorname == 'ICMP errors') {
+    bg='#000000';
+    fg='#00ff0e';
+  }
+  if(colorname == 'ARP') {
+    bg='#d6e8ff';
+    fg='#000000';
+  }
+  if(colorname == 'ICMP') {
+    bg='#c2c2ff';
+    fg='#000000';
+  }
+  if(colorname == 'TCP RST') {
+    bg='#900000';
+    fg='#fff680';
+  }
+  if(colorname == 'TTL low or unexpected') {
+    bg='#900000';
+    fg='#ffffff';
+  }
+  if(colorname == 'Checksum Errors') {
+    bg='#000000';
+    fg='#ff5f5f';
+  }
+  if(colorname == 'SMB') {
+    bg='#fffa99';
+    fg='#000000';
+  }
+  if(colorname == 'HTTP') {
+    bg='#8dff7f';
+    fg='#000000';
+  }
+  if(colorname == 'IPX') {
+    bg='#ffe3e5';
+    fg='#000000';
+  }
+  if(colorname == 'DCERPC') {
+    bg='#c797ff';
+    fg='#000000';
+  }
+  if(colorname == 'Routing') {
+    bg='#fff3d6';
+    fg='#000000';
+  }
+  if(colorname == 'TCP SYN/FIN') {
+    bg='#a0a0a0';
+    fg='#000000';
+  }
+  if(colorname == 'TCP') {
+    bg='#e7e6ff';
+    fg='#000000';
+  }
+  if(colorname == 'UDP') {
+    bg='#70e0ff';
+    fg='#000000';
+  }
+  if(colorname == 'Broadcast') {
+    bg='#ffffff';
+    fg='#808080';
+  }
+  if(fg.length > 0)
+    node.style.color = fg;
+  if(bg.length > 0)
+    node.style.background = bg;
+}
+    </script>
+  </head>
+    <body>
+      <xsl:apply-templates/> <!-- we expect to match the "pdml" node -->
+    </body>
+  </html>
+</xsl:template>
+
+</xsl:stylesheet>

print.c

@@ -47,6 +47,7 @@
 #include <epan/charsets.h>
 #include <epan/dissectors/packet-data.h>
 #include <epan/dissectors/packet-frame.h>
+#include <epan/filesystem.h>
 
 #define PDML_VERSION "0"
 #define PSML_VERSION "0"
@@ -243,12 +244,19 @@ void proto_tree_print_node(proto_node *node, gpointer data)
 	}
 }
 
+#define PDML2HTML_XSL "pdml2html.xsl"
 void
-write_pdml_preamble(FILE *fh)
+write_pdml_preamble(FILE *fh, const gchar* filename)
 {
+	time_t t=time(NULL);
+	char *ts=asctime(localtime(&t));
+	ts[strlen(ts)-1]=0; /* overwrite \n */
+
 	fputs("<?xml version=\"1.0\"?>\n", fh);
+	fputs("<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n", fh);
+	fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at http://anonsvn.wireshark.org/trunk/wireshark/" PDML2HTML_XSL ". -->\n", get_datafile_dir());
 	fputs("<pdml version=\"" PDML_VERSION "\" ", fh);
-	fprintf(fh, "creator=\"%s/%s\">\n", PACKAGE, VERSION);
+	fprintf(fh, "creator=\"%s/%s\" time=\"%s\" capture_file=\"%s\">\n", PACKAGE, VERSION, ts, filename);
 }
 
 void

print.h

@@ -133,7 +133,7 @@ extern gboolean proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
      print_stream_t *stream);
 extern gboolean print_hex_data(print_stream_t *stream, epan_dissect_t *edt);
 
-extern void write_pdml_preamble(FILE *fh);
+extern void write_pdml_preamble(FILE *fh, const gchar* filename);
 extern void proto_tree_write_pdml(epan_dissect_t *edt, FILE *fh);
 extern void write_pdml_finale(FILE *fh);
 

tools/colorfilters2js.pl

@@ -0,0 +1,38 @@
+#!/usr/bin/env perl
+#
+# perl program to convert a Wireshark color scheme to javascript
+# code. The javascript function should then be inserted into the
+# pdml2html.xsl file.
+#
+# run this as: perl tools/colorfilters2js.pl colorfilters
+
+print<<'EOF';
+function set_node_color(node,colorname)
+{
+  if(dojo.isString(node))
+    node = dojo.byId(node);
+  if(!node) return;
+  var fg;
+  var bg;
+EOF
+
+while(<>)
+{
+    if(/\@(.+?)\@.+\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]/)
+    {
+	print "  if(colorname == '$1') {\n";
+	printf("    bg='#%02x%02x%02x';\n", $2/256, $3/256, $4/256);
+	printf("    fg='#%02x%02x%02x';\n", $5/256, $6/256, $7/256);
+	print "  }\n";
+    }
+}
+
+print<<'EOF';
+  if(fg.length > 0)
+    node.style.color = fg;
+  if(bg.length > 0)
+    node.style.background = bg;
+}
+EOF
+
+exit 0;

tshark.c

@@ -3015,7 +3015,7 @@ write_preamble(capture_file *cf)
 
   case WRITE_XML:
     if (verbose)
-      write_pdml_preamble(stdout);
+	write_pdml_preamble(stdout, cf->filename);
     else
       write_psml_preamble(stdout);
     return !ferror(stdout);