2021-11-26 03:31:05 +00:00
|
|
|
/** @file
|
1998-11-17 04:29:13 +00:00
|
|
|
* Definitions for column handling routines
|
2022-08-06 13:31:23 +00:00
|
|
|
* Column preference and format settings.
|
|
|
|
|
*
|
|
|
|
|
* For internal Wireshark useonly. Don't include this header in dissectors!
|
1998-11-17 04:29:13 +00:00
|
|
|
*
|
2006-05-21 05:12:17 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-11-17 04:29:13 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
|
*
|
2018-02-08 16:59:17 +00:00
|
|
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
1998-11-17 04:29:13 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef __COLUMN_H__
|
|
|
|
|
#define __COLUMN_H__
|
|
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
#include "ws_symbol_export.h"
|
2022-08-06 13:31:23 +00:00
|
|
|
#include <epan/column-utils.h>
|
2013-03-01 23:53:11 +00:00
|
|
|
|
2007-01-18 18:43:30 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif /* __cplusplus */
|
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
typedef struct _fmt_data {
|
2011-11-13 22:51:49 +00:00
|
|
|
gchar *title; /* title of the column */
|
|
|
|
|
int fmt; /* format of column */
|
2015-12-11 08:34:08 +00:00
|
|
|
gchar *custom_fields; /* fields names for COL_CUSTOM */
|
2011-11-13 22:51:49 +00:00
|
|
|
gint custom_occurrence; /* optional ordinal of occurrence of that field */
|
2023-07-17 18:56:01 +00:00
|
|
|
bool visible; /* if FALSE, hide this column */
|
|
|
|
|
bool resolved; /* if TRUE, show a more human-readable name */
|
1998-11-17 04:29:13 +00:00
|
|
|
} fmt_data;
|
|
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
const gchar *col_format_to_string(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
const gchar *col_format_desc(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 12:02:18 +00:00
|
|
|
const gchar *col_format_abbrev(const gint);
|
|
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
gint get_column_format(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-10-09 15:22:53 +00:00
|
|
|
void set_column_format(const gint, const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
void get_column_format_matches(gboolean *, const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
gint get_column_format_from_str(const gchar *);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
gchar *get_column_title(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-10-09 15:22:53 +00:00
|
|
|
void set_column_title(const gint, const gchar *);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-06-20 16:23:43 +00:00
|
|
|
gboolean get_column_visible(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-06-20 16:23:43 +00:00
|
|
|
void set_column_visible(const gint, gboolean);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-06-25 06:42:34 +00:00
|
|
|
gboolean get_column_resolved(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-06-25 06:42:34 +00:00
|
|
|
void set_column_resolved(const gint, gboolean);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2015-12-11 08:34:08 +00:00
|
|
|
const gchar *get_column_custom_fields(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2015-12-11 08:34:08 +00:00
|
|
|
void set_column_custom_fields(const gint, const char *);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-09-22 20:56:14 +00:00
|
|
|
gint get_column_custom_occurrence(const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-10-09 15:22:53 +00:00
|
|
|
void set_column_custom_occurrence(const gint, const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
const gchar *get_column_width_string(const gint, const gint);
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2010-04-03 18:18:50 +00:00
|
|
|
gint get_column_char_width(const gint format);
|
2015-11-22 20:25:15 +00:00
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
gchar *get_column_tooltip(const gint col);
|
1998-11-17 04:29:13 +00:00
|
|
|
|
2022-07-09 16:34:15 +00:00
|
|
|
/** Get the text of a column element. The string returned may
|
|
|
|
|
* depend on whether the resolved member variable is set.
|
|
|
|
|
* For internal Wireshark use, not to be called from dissectors.
|
|
|
|
|
* Dissectors use col_get_text() in column-utils.h
|
|
|
|
|
*
|
|
|
|
|
* @param cinfo the column information
|
|
|
|
|
* @param col the column index to use (not the format)
|
|
|
|
|
*
|
|
|
|
|
* @return the text string
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
const gchar *get_column_text(column_info *cinfo, const gint col);
|
|
|
|
|
|
2017-09-27 20:03:43 +00:00
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
void
|
|
|
|
|
col_finalize(column_info *cinfo);
|
|
|
|
|
|
2013-03-01 23:53:11 +00:00
|
|
|
WS_DLL_PUBLIC
|
2007-06-04 20:15:10 +00:00
|
|
|
void
|
2010-04-03 18:18:50 +00:00
|
|
|
build_column_format_array(column_info *cinfo, const gint num_cols, const gboolean reset_fences);
|
2007-06-04 20:15:10 +00:00
|
|
|
|
2013-10-15 18:27:35 +00:00
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
void column_dump_column_formats(void);
|
|
|
|
|
|
2023-04-25 03:12:02 +00:00
|
|
|
/** Parse a column format string into a fmt_data struct.
|
|
|
|
|
* If the format string possibly can be that of a deprecated column
|
|
|
|
|
* that has been migrated to a custom column (e.g., upon first being
|
|
|
|
|
* read from a preference file), call try_convert_to_custom_column() first.
|
|
|
|
|
*
|
|
|
|
|
* @param[out] cfmt The parsed cfmt, still owned by the caller.
|
|
|
|
|
* For custom columns, the caller is responsible for freeing
|
|
|
|
|
* the custom_fields member as well.
|
|
|
|
|
* @param[in] fmt The column format to parse.
|
|
|
|
|
*
|
|
|
|
|
* @return TRUE if conversion was successful, FALSE if unsuccessful
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
gboolean parse_column_format(fmt_data *cfmt, const char *fmt);
|
|
|
|
|
|
|
|
|
|
/** Checks a column format string to see if it is a deprecated column
|
|
|
|
|
* that has been migrated to a custom column, and converts the format
|
|
|
|
|
* to the corresponding custom column format if so, otherwise leaving
|
|
|
|
|
* it unchanged.
|
|
|
|
|
*
|
|
|
|
|
* @param[in,out] fmt The column format to check and possibly convert.
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
void try_convert_to_custom_column(char **fmt);
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 12:02:18 +00:00
|
|
|
|
2023-08-19 12:08:00 +00:00
|
|
|
/** Checks a column field string to see if it is a name of a filter
|
|
|
|
|
* field created using a default column title (as used in tshark -e),
|
|
|
|
|
* and alias it to the new column type based field.
|
|
|
|
|
*
|
|
|
|
|
* @param[in] field The old title based field, e.g. "_ws.col.Info"
|
|
|
|
|
* @return The new field, e.g. "_ws.col.info", or NULL
|
|
|
|
|
*/
|
|
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
const char* try_convert_to_column_field(const char *field);
|
|
|
|
|
|
epan: Register dynamic column fields and make them filterable
Make the text of each registered column a FT_STRING field that can be
filtered, prefixed with _ws.col - these work in display filters, filters
in taps, coloring rules, Wireshark read filters, and in the -Y, -R, -e,
and -j options to tshark. Use them as the default "Apply as Filter" value
for the columns that aren't handled by anything else currently.
Because only the columns formats that actually correspond to columns
get filled in (invisible columns work), register and deregister the
fields when the columns change.
Use the lower case version of the rest of the COL_* define for each
column as the field name.
This adds a number of conditions to "when are the columns needed",
including when the main display filter or any filter on a tap is
using one of these fields.
Custom columns are currently not implemented. For custom columns, the
tree then has to be further primed with any fields used by the custom
columns as well. (Perhaps that should happen in epan_dissect_run() -
are there any cases where we construct the columns and don't want to
prime with any field that custom columns contains? Possibly in taps
that we know only use build in columns.)
Thus, for performance reasons, you're better off matching an ordinary
field if possible; it takes extra time to generate the columns and many
of them are numeric types. (Note that you can always convert a non-string
field to a string field if you want regex matching, consult the
*wireshark-filter(4)* man page.) It does save a bit on typing (especially
for a multifield custom column) and remembering the column title might
be easier in some cases.
The columns are set before the color filters, which means that you
can have a color filter that depends on a built-in column like Info or
Protocol.
Remove the special handling for the -e option to tshark. Note that
the behavior is a little different now, because fixed field names
are used instead of the titles (using the titles allowed illegal
filter names, because it wasn't going through the filter engine.)
For default names, this means that they're no longer capitalized,
so "_ws.col.info" instead of "_ws.col.Info" - hopefully a small
price in exchange for the filters working everywhere.
The output format for -T fields remains the same; all that special
handling is removed (except for remembering if someone asked for
a column field to know that columns should be constructed.)
They're also set before the postdissectors, so postdissectors can
have access.
Anything that depends on whether a packet and previous packets are
displayed (COL_DELTA_TIME_DIS or COL_CUMULATIVE_BYTES) doesn't work
the way most people expect, so don't register fields for those.
(The same is already true of color filters that use those, along with
color filters that use the color filter fields.)
Fix #16576. Fix #17971. Fix #4684. Fix #13491. Fix #13941.
2023-05-01 12:02:18 +00:00
|
|
|
WS_DLL_PUBLIC
|
|
|
|
|
void column_register_fields(void);
|
2007-01-18 18:43:30 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif /* __cplusplus */
|
|
|
|
|
|
1998-11-17 04:29:13 +00:00
|
|
|
#endif /* column.h */
|