2 * Collecting Expert information.
4 * Implemented as a tap named "expert".
8 * Wireshark - Network traffic analyzer
9 * By Gerald Combs <gerald@wireshark.org>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
37 /* proto_expert cannot be static because it's referenced in the
40 int proto_expert = -1;
42 static int expert_tap = -1;
43 static int highest_severity = 0;
45 static int ett_expert = -1;
46 static int ett_subexpert = -1;
48 static int hf_expert_msg = -1;
49 static int hf_expert_group = -1;
50 static int hf_expert_severity = -1;
52 const value_string expert_group_vals[] = {
53 { PI_CHECKSUM, "Checksum" },
54 { PI_SEQUENCE, "Sequence" },
55 { PI_RESPONSE_CODE, "Response" },
56 { PI_REQUEST_CODE, "Request" },
57 { PI_UNDECODED, "Undecoded" },
58 { PI_REASSEMBLE, "Reassemble" },
59 { PI_MALFORMED, "Malformed" },
60 { PI_DEBUG, "Debug" },
61 { PI_PROTOCOL, "Protocol" },
62 { PI_SECURITY, "Security" },
66 const value_string expert_severity_vals[] = {
67 { PI_ERROR, "Error" },
78 static hf_register_info hf[] = {
80 { "Message", "expert.message", FT_STRING, BASE_NONE, NULL, 0, "Wireshark expert information", HFILL }
83 { "Group", "expert.group", FT_UINT32, BASE_NONE, VALS(expert_group_vals), 0, "Wireshark expert group", HFILL }
85 { &hf_expert_severity,
86 { "Severity level", "expert.severity", FT_UINT32, BASE_NONE, VALS(expert_severity_vals), 0, "Wireshark expert severity level", HFILL }
89 static gint *ett[] = {
94 if (expert_tap == -1) {
95 expert_tap = register_tap("expert");
98 if (proto_expert == -1) {
99 proto_expert = proto_register_protocol("Expert Info", "Expert", "expert");
100 proto_register_field_array(proto_expert, hf, array_length(hf));
101 proto_register_subtree_array(ett, array_length(ett));
102 proto_set_cant_toggle(proto_expert);
105 highest_severity = 0;
117 expert_get_highest_severity(void)
119 return highest_severity;
123 /* set's the PI_ flags to a protocol item
124 * (and its parent items till the toplevel) */
126 expert_set_item_flags(proto_item *pi, int group, int severity)
128 if (proto_item_set_expert_flags(pi, group, severity)) {
129 /* propagate till toplevel item */
130 pi = proto_item_get_parent(pi);
131 expert_set_item_flags(pi, group, severity);
136 expert_create_tree(proto_item *pi, int group, int severity, const char *msg)
141 tree = proto_item_add_subtree(pi, ett_expert);
142 ti = proto_tree_add_protocol_format(tree, proto_expert, NULL, 0, 0, "Expert Info (%s/%s): %s",
143 val_to_str(severity, expert_severity_vals, "Unknown (%u)"),
144 val_to_str(group, expert_group_vals, "Unknown (%u)"),
146 PROTO_ITEM_SET_GENERATED(ti);
148 if (group == PI_MALFORMED) {
149 /* Add hidden malformed protocol filter */
150 gint proto_malformed = proto_get_id_by_filter_name("malformed");
151 proto_item *malformed_ti = proto_tree_add_item(tree, proto_malformed, NULL, 0, 0, ENC_NA);
152 PROTO_ITEM_SET_HIDDEN(malformed_ti);
155 return proto_item_add_subtree(ti, ett_subexpert);
159 expert_set_info_vformat(packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, va_list ap)
161 char formatted[ITEM_LABEL_LENGTH];
167 /* if this packet isn't loaded because of a read filter, don't output anything */
168 if (pinfo == NULL || PINFO_FD_NUM(pinfo) == 0) {
172 if (severity > highest_severity) {
173 highest_severity = severity;
176 if (pi != NULL && PITEM_FINFO(pi) != NULL) {
177 expert_set_item_flags(pi, group, severity);
180 col_add_str(pinfo->cinfo, COL_EXPERT, val_to_str(severity, expert_severity_vals, "Unknown (%u)"));
182 g_vsnprintf(formatted, ITEM_LABEL_LENGTH, format, ap);
184 tree = expert_create_tree(pi, group, severity, formatted);
185 ti = proto_tree_add_string(tree, hf_expert_msg, NULL, 0, 0, formatted);
186 PROTO_ITEM_SET_GENERATED(ti);
187 ti = proto_tree_add_uint(tree, hf_expert_severity, NULL, 0, 0, severity);
188 PROTO_ITEM_SET_GENERATED(ti);
189 ti = proto_tree_add_uint(tree, hf_expert_group, NULL, 0, 0, group);
190 PROTO_ITEM_SET_GENERATED(ti);
192 tap = have_tap_listener(expert_tap);
197 ei = ep_alloc(sizeof(expert_info_t));
199 ei->packet_num = PINFO_FD_NUM(pinfo);
201 ei->severity = severity;
202 ei->protocol = pinfo->current_proto;
203 ei->summary = ep_strdup(formatted);
205 /* if we have a proto_item (not a faked item), set expert attributes to it */
206 if (pi != NULL && PITEM_FINFO(pi) != NULL) {
212 tap_queue_packet(expert_tap, pinfo, ei);
217 expert_add_info_format(packet_info *pinfo, proto_item *pi, int group, int severity, const char *format, ...)
221 va_start(ap, format);
222 expert_set_info_vformat(pinfo, pi, group, severity, format, ap);
227 expert_add_undecoded_item(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int offset, int length, const int severity)
230 proto_item *expert_item;
232 expert_item = proto_tree_add_text(tree, tvb, offset, length, "Not dissected yet");
234 expert_add_info_format(pinfo, expert_item, PI_UNDECODED, severity, "Not dissected yet(report to wireshark.org)"); \
235 PROTO_ITEM_SET_GENERATED(expert_item); \