2 * Routines for printing packet analysis trees.
4 * Gilbert Ramirez <gram@alumni.rice.edu>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <epan/packet.h>
31 #include <epan/epan.h>
32 #include <epan/epan_dissect.h>
33 #include <epan/to_str.h>
34 #include <epan/expert.h>
35 #include <epan/packet-range.h>
36 #include <epan/print.h>
37 #include <epan/charsets.h>
38 #include <wsutil/filesystem.h>
39 #include <wsutil/ws_version_info.h>
40 #include <wsutil/utf8_entities.h>
41 #include <ftypes/ftypes-int.h>
43 #define PDML_VERSION "0"
44 #define PSML_VERSION "0"
48 print_stream_t *stream;
51 print_dissections_e print_dissections;
52 gboolean print_hex_for_data;
53 packet_char_enc encoding;
55 GHashTable *output_only_tables; /* output only these protocols */
66 output_fields_t *fields;
70 struct _output_fields {
71 gboolean print_header;
76 GHashTable *field_indicies;
77 GPtrArray **field_values;
79 gboolean includes_col_fields;
82 static gchar *get_field_hex_value(GSList *src_list, field_info *fi);
83 static void proto_tree_print_node(proto_node *node, gpointer data);
84 static void proto_tree_write_node_pdml(proto_node *node, gpointer data);
85 static const guint8 *get_field_data(GSList *src_list, field_info *fi);
86 static void pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi);
87 static gboolean print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
88 guint length, packet_char_enc encoding);
89 static void print_escaped_xml(FILE *fh, const char *unescaped_string);
91 static void print_pdml_geninfo(proto_tree *tree, FILE *fh);
93 static void proto_tree_get_node_field_values(proto_node *node, gpointer data);
95 /* Cache the protocols and field handles that the print functionality needs
96 This helps break explicit dependency on the dissectors. */
97 static int proto_data = -1;
98 static int proto_frame = -1;
99 static int hf_frame_arrival_time = -1;
100 static int hf_frame_number = -1;
101 static int hf_frame_len = -1;
102 static int hf_frame_capture_len = -1;
104 void print_cache_field_handles(void)
106 proto_data = proto_get_id_by_short_name("Data");
107 proto_frame = proto_get_id_by_short_name("Frame");
108 hf_frame_arrival_time = proto_registrar_get_id_byname("frame.time");
109 hf_frame_number = proto_registrar_get_id_byname("frame.number");
110 hf_frame_len = proto_registrar_get_id_byname("frame.len");
111 hf_frame_capture_len = proto_registrar_get_id_byname("frame.cap_len");
115 proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
116 GHashTable *output_only_tables, print_stream_t *stream)
120 /* Create the output */
122 data.stream = stream;
124 data.src_list = edt->pi.data_src;
125 data.encoding = (packet_char_enc)edt->pi.fd->flags.encoding;
126 data.print_dissections = print_args->print_dissections;
127 /* If we're printing the entire packet in hex, don't
128 print uninterpreted data fields in hex as well. */
129 data.print_hex_for_data = !print_args->print_hex;
131 data.output_only_tables = output_only_tables;
133 proto_tree_children_foreach(edt->tree, proto_tree_print_node, &data);
137 /* Print a tree's data, and any child nodes. */
139 proto_tree_print_node(proto_node *node, gpointer data)
141 field_info *fi = PNODE_FINFO(node);
142 print_data *pdata = (print_data*) data;
144 gchar label_str[ITEM_LABEL_LENGTH];
147 /* dissection with an invisible proto tree? */
150 /* Don't print invisible entries. */
151 if (PROTO_ITEM_IS_HIDDEN(node))
154 /* Give up if we've already gotten an error. */
158 /* was a free format label produced? */
160 label_ptr = fi->rep->representation;
162 else { /* no, make a generic label */
163 label_ptr = label_str;
164 proto_item_fill_label(fi, label_str);
167 if (PROTO_ITEM_IS_GENERATED(node))
168 label_ptr = g_strconcat("[", label_ptr, "]", NULL);
170 pdata->success = print_line(pdata->stream, pdata->level, label_ptr);
172 if (PROTO_ITEM_IS_GENERATED(node))
179 * If -O is specified, only display the protocols which are in the
180 * lookup table. Only check on the first level: once we start printing
181 * a tree, print the rest of the subtree. Otherwise we won't print
182 * subitems whose abbreviation doesn't match the protocol--for example
183 * text items (whose abbreviation is simply "text").
185 if ((pdata->output_only_tables != NULL) && (pdata->level == 0)
186 && (g_hash_table_lookup(pdata->output_only_tables, fi->hfinfo->abbrev) == NULL)) {
190 /* If it's uninterpreted data, dump it (unless our caller will
191 be printing the entire packet in hex). */
192 if ((fi->hfinfo->id == proto_data) && (pdata->print_hex_for_data)) {
194 * Find the data for this field.
196 pd = get_field_data(pdata->src_list, fi);
198 if (!print_line(pdata->stream, 0, "")) {
199 pdata->success = FALSE;
202 if (!print_hex_data_buffer(pdata->stream, pd,
203 fi->length, pdata->encoding)) {
204 pdata->success = FALSE;
210 /* If we're printing all levels, or if this node is one with a
211 subtree and its subtree is expanded, recurse into the subtree,
213 g_assert((fi->tree_type >= -1) && (fi->tree_type < num_tree_types));
214 if ((pdata->print_dissections == print_dissections_expanded) ||
215 ((pdata->print_dissections == print_dissections_as_displayed) &&
216 (fi->tree_type >= 0) && tree_expanded(fi->tree_type))) {
217 if (node->first_child != NULL) {
219 proto_tree_children_foreach(node,
220 proto_tree_print_node, pdata);
228 #define PDML2HTML_XSL "pdml2html.xsl"
230 write_pdml_preamble(FILE *fh, const gchar *filename)
232 time_t t = time(NULL);
233 char *ts = asctime(localtime(&t));
235 ts[strlen(ts)-1] = 0; /* overwrite \n */
237 fputs("<?xml version=\"1.0\"?>\n", fh);
238 fputs("<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n", fh);
239 fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=" PDML2HTML_XSL ". -->\n", get_datafile_dir());
240 fputs("<pdml version=\"" PDML_VERSION "\" ", fh);
241 fprintf(fh, "creator=\"%s/%s\" time=\"%s\" capture_file=\"%s\">\n", PACKAGE, VERSION, ts, filename ? filename : "");
245 write_pdml_proto_tree(epan_dissect_t *edt, FILE *fh)
247 write_pdml_data data;
249 /* Create the output */
252 data.src_list = edt->pi.data_src;
255 fprintf(fh, "<packet>\n");
257 /* Print a "geninfo" protocol as required by PDML */
258 print_pdml_geninfo(edt->tree, fh);
260 proto_tree_children_foreach(edt->tree, proto_tree_write_node_pdml,
263 fprintf(fh, "</packet>\n\n");
266 /* Write out a tree's data, and any child nodes, as PDML */
268 proto_tree_write_node_pdml(proto_node *node, gpointer data)
270 field_info *fi = PNODE_FINFO(node);
271 write_pdml_data *pdata = (write_pdml_data*) data;
272 const gchar *label_ptr;
273 gchar label_str[ITEM_LABEL_LENGTH];
274 char *dfilter_string;
276 gboolean wrap_in_fake_protocol;
278 /* dissection with an invisible proto tree? */
281 /* Will wrap up top-level field items inside a fake protocol wrapper to
282 preserve the PDML schema */
283 wrap_in_fake_protocol =
284 (((fi->hfinfo->type != FT_PROTOCOL) ||
285 (fi->hfinfo->id == proto_data)) &&
286 (pdata->level == 0));
288 /* Indent to the correct level */
289 for (i = -1; i < pdata->level; i++) {
290 fputs(" ", pdata->fh);
293 if (wrap_in_fake_protocol) {
294 /* Open fake protocol wrapper */
295 fputs("<proto name=\"fake-field-wrapper\">\n", pdata->fh);
297 /* Indent to increased level before writing out field */
299 for (i = -1; i < pdata->level; i++) {
300 fputs(" ", pdata->fh);
304 /* Text label. It's printed as a field with no name. */
305 if (fi->hfinfo->id == hf_text_only) {
308 label_ptr = fi->rep->representation;
314 /* Show empty name since it is a required field */
315 fputs("<field name=\"", pdata->fh);
316 fputs("\" show=\"", pdata->fh);
317 print_escaped_xml(pdata->fh, label_ptr);
319 fprintf(pdata->fh, "\" size=\"%d", fi->length);
320 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
321 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
323 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
326 if (fi->length > 0) {
327 fputs("\" value=\"", pdata->fh);
328 pdml_write_field_hex_value(pdata, fi);
331 if (node->first_child != NULL) {
332 fputs("\">\n", pdata->fh);
335 fputs("\"/>\n", pdata->fh);
339 /* Uninterpreted data, i.e., the "Data" protocol, is
340 * printed as a field instead of a protocol. */
341 else if (fi->hfinfo->id == proto_data) {
343 /* Write out field with data */
344 fputs("<field name=\"data\" value=\"", pdata->fh);
345 pdml_write_field_hex_value(pdata, fi);
346 fputs("\">\n", pdata->fh);
348 /* Normal protocols and fields */
350 if ((fi->hfinfo->type == FT_PROTOCOL) && (fi->hfinfo->id != proto_expert)) {
351 fputs("<proto name=\"", pdata->fh);
354 fputs("<field name=\"", pdata->fh);
356 print_escaped_xml(pdata->fh, fi->hfinfo->abbrev);
360 * http://www.nbee.org/doku.php?id=netpdl:pdml_specification
362 * the show fields contains things in 'human readable' format
363 * showname: contains only the name of the field
364 * show: contains only the data of the field
365 * showdtl: contains additional details of the field data
366 * showmap: contains mappings of the field data (e.g. the hostname to an IP address)
368 * XXX - the showname shouldn't contain the field data itself
369 * (like it's contained in the fi->rep->representation).
370 * Unfortunately, we don't have the field data representation for
371 * all fields, so this isn't currently possible */
372 fputs("\" showname=\"", pdata->fh);
373 print_escaped_xml(pdata->fh, fi->hfinfo->name);
377 fputs("\" showname=\"", pdata->fh);
378 print_escaped_xml(pdata->fh, fi->rep->representation);
381 label_ptr = label_str;
382 proto_item_fill_label(fi, label_str);
383 fputs("\" showname=\"", pdata->fh);
384 print_escaped_xml(pdata->fh, label_ptr);
387 if (PROTO_ITEM_IS_HIDDEN(node))
388 fprintf(pdata->fh, "\" hide=\"yes");
390 fprintf(pdata->fh, "\" size=\"%d", fi->length);
391 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
392 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
394 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
396 /* fprintf(pdata->fh, "\" id=\"%d", fi->hfinfo->id);*/
398 /* show, value, and unmaskedvalue attributes */
399 switch (fi->hfinfo->type)
404 fputs("\" show=\"\" value=\"", pdata->fh);
407 dfilter_string = fvalue_to_string_repr(&fi->value, FTREPR_DISPLAY, fi->hfinfo->display, NULL);
408 if (dfilter_string != NULL) {
410 fputs("\" show=\"", pdata->fh);
411 print_escaped_xml(pdata->fh, dfilter_string);
413 g_free(dfilter_string);
416 * XXX - should we omit "value" for any fields?
417 * What should we do for fields whose length is 0?
418 * They might come from a pseudo-header or from
419 * the capture header (e.g., time stamps), or
420 * they might be generated fields.
422 if (fi->length > 0) {
423 fputs("\" value=\"", pdata->fh);
425 if (fi->hfinfo->bitmask!=0) {
426 switch (fi->value.ftype->ftype) {
431 fprintf(pdata->fh, "%X", (guint) fvalue_get_sinteger(&fi->value));
437 fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
443 fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_sinteger64(&fi->value));
450 fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_uinteger64(&fi->value));
453 g_assert_not_reached();
455 fputs("\" unmaskedvalue=\"", pdata->fh);
456 pdml_write_field_hex_value(pdata, fi);
459 pdml_write_field_hex_value(pdata, fi);
464 if (node->first_child != NULL) {
465 fputs("\">\n", pdata->fh);
467 else if (fi->hfinfo->id == proto_data) {
468 fputs("\">\n", pdata->fh);
471 fputs("\"/>\n", pdata->fh);
475 /* We always print all levels for PDML. Recurse here. */
476 if (node->first_child != NULL) {
478 proto_tree_children_foreach(node,
479 proto_tree_write_node_pdml, pdata);
483 /* Take back the extra level we added for fake wrapper protocol */
484 if (wrap_in_fake_protocol) {
488 if (node->first_child != NULL) {
489 /* Indent to correct level */
490 for (i = -1; i < pdata->level; i++) {
491 fputs(" ", pdata->fh);
493 /* Close off current element */
494 /* Data and expert "protocols" use simple tags */
495 if ((fi->hfinfo->id != proto_data) && (fi->hfinfo->id != proto_expert)) {
496 if (fi->hfinfo->type == FT_PROTOCOL) {
497 fputs("</proto>\n", pdata->fh);
500 fputs("</field>\n", pdata->fh);
503 fputs("</field>\n", pdata->fh);
507 /* Close off fake wrapper protocol */
508 if (wrap_in_fake_protocol) {
509 fputs("</proto>\n", pdata->fh);
513 /* Print info for a 'geninfo' pseudo-protocol. This is required by
514 * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
515 * but we produce a 'geninfo' protocol in the PDML to conform to spec.
516 * The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
518 print_pdml_geninfo(proto_tree *tree, FILE *fh)
520 guint32 num, len, caplen;
522 GPtrArray *finfo_array;
523 field_info *frame_finfo;
526 /* Get frame protocol's finfo. */
527 finfo_array = proto_find_finfo(tree, proto_frame);
528 if (g_ptr_array_len(finfo_array) < 1) {
531 frame_finfo = (field_info *)finfo_array->pdata[0];
532 g_ptr_array_free(finfo_array, TRUE);
534 /* frame.number --> geninfo.num */
535 finfo_array = proto_find_finfo(tree, hf_frame_number);
536 if (g_ptr_array_len(finfo_array) < 1) {
539 num = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
540 g_ptr_array_free(finfo_array, TRUE);
542 /* frame.frame_len --> geninfo.len */
543 finfo_array = proto_find_finfo(tree, hf_frame_len);
544 if (g_ptr_array_len(finfo_array) < 1) {
547 len = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
548 g_ptr_array_free(finfo_array, TRUE);
550 /* frame.cap_len --> geninfo.caplen */
551 finfo_array = proto_find_finfo(tree, hf_frame_capture_len);
552 if (g_ptr_array_len(finfo_array) < 1) {
555 caplen = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
556 g_ptr_array_free(finfo_array, TRUE);
558 /* frame.time --> geninfo.timestamp */
559 finfo_array = proto_find_finfo(tree, hf_frame_arrival_time);
560 if (g_ptr_array_len(finfo_array) < 1) {
563 timestamp = (nstime_t *)fvalue_get(&((field_info*)finfo_array->pdata[0])->value);
564 g_ptr_array_free(finfo_array, TRUE);
566 /* Print geninfo start */
568 " <proto name=\"geninfo\" pos=\"0\" showname=\"General information\" size=\"%d\">\n",
569 frame_finfo->length);
571 /* Print geninfo.num */
573 " <field name=\"num\" pos=\"0\" show=\"%u\" showname=\"Number\" value=\"%x\" size=\"%d\"/>\n",
574 num, num, frame_finfo->length);
576 /* Print geninfo.len */
578 " <field name=\"len\" pos=\"0\" show=\"%u\" showname=\"Frame Length\" value=\"%x\" size=\"%d\"/>\n",
579 len, len, frame_finfo->length);
581 /* Print geninfo.caplen */
583 " <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\" value=\"%x\" size=\"%d\"/>\n",
584 caplen, caplen, frame_finfo->length);
586 tmp = abs_time_to_str(NULL, timestamp, ABSOLUTE_TIME_LOCAL, TRUE);
588 /* Print geninfo.timestamp */
590 " <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\" value=\"%d.%09d\" size=\"%d\"/>\n",
591 tmp, (int) timestamp->secs, timestamp->nsecs, frame_finfo->length);
593 wmem_free(NULL, tmp);
595 /* Print geninfo end */
601 write_pdml_finale(FILE *fh)
603 fputs("</pdml>\n", fh);
607 write_psml_preamble(column_info *cinfo, FILE *fh)
611 fputs("<?xml version=\"1.0\"?>\n", fh);
612 fputs("<psml version=\"" PSML_VERSION "\" ", fh);
613 fprintf(fh, "creator=\"%s/%s\">\n", PACKAGE, VERSION);
614 fprintf(fh, "<structure>\n");
616 for (i = 0; i < cinfo->num_cols; i++) {
617 fprintf(fh, "<section>");
618 print_escaped_xml(fh, cinfo->columns[i].col_title);
619 fprintf(fh, "</section>\n");
622 fprintf(fh, "</structure>\n\n");
626 write_psml_columns(epan_dissect_t *edt, FILE *fh)
630 fprintf(fh, "<packet>\n");
632 for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
633 fprintf(fh, "<section>");
634 print_escaped_xml(fh, edt->pi.cinfo->columns[i].col_data);
635 fprintf(fh, "</section>\n");
638 fprintf(fh, "</packet>\n\n");
642 write_psml_finale(FILE *fh)
644 fputs("</psml>\n", fh);
647 static gchar *csv_massage_str(const gchar *source, const gchar *exceptions)
652 /* In general, our output for any field can contain Unicode characters,
653 so g_strescape (which escapes any non-ASCII) is the wrong thing to do.
654 Unfortunately glib doesn't appear to provide g_unicode_strescape()... */
655 csv_str = g_strescape(source, exceptions);
657 /* Locate the UTF-8 right arrow character and replace it by an ASCII equivalent */
658 while ( (tmp_str = strstr(tmp_str, UTF8_RIGHTWARDS_ARROW)) != NULL ) {
664 while ( (tmp_str = strstr(tmp_str, "\\\"")) != NULL )
669 static void csv_write_str(const char *str, char sep, FILE *fh)
673 /* Do not escape the UTF-8 right arrow character */
674 csv_str = csv_massage_str(str, UTF8_RIGHTWARDS_ARROW);
675 fprintf(fh, "\"%s\"%c", csv_str, sep);
680 write_csv_column_titles(column_info *cinfo, FILE *fh)
684 for (i = 0; i < cinfo->num_cols - 1; i++)
685 csv_write_str(cinfo->columns[i].col_title, ',', fh);
686 csv_write_str(cinfo->columns[i].col_title, '\n', fh);
690 write_csv_columns(epan_dissect_t *edt, FILE *fh)
694 for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
695 csv_write_str(edt->pi.cinfo->columns[i].col_data, ',', fh);
696 csv_write_str(edt->pi.cinfo->columns[i].col_data, '\n', fh);
700 write_carrays_hex_data(guint32 num, FILE *fh, epan_dissect_t *edt)
702 guint32 i = 0, src_num = 0;
709 struct data_source *src;
711 for (src_le = edt->pi.data_src; src_le != NULL; src_le = src_le->next) {
712 memset(ascii, 0, sizeof(ascii));
713 src = (struct data_source *)src_le->data;
714 tvb = get_data_source_tvb(src);
715 length = tvb_captured_length(tvb);
719 cp = tvb_get_ptr(tvb, 0, length);
721 name = get_data_source_name(src);
723 fprintf(fh, "/* %s */\n", name);
724 wmem_free(NULL, name);
727 fprintf(fh, "static const unsigned char pkt%u_%u[%u] = {\n",
728 num, src_num, length);
730 fprintf(fh, "static const unsigned char pkt%u[%u] = {\n",
735 for (i = 0; i < length; i++) {
736 fprintf(fh, "0x%02x", *(cp + i));
737 ascii[i % 8] = g_ascii_isprint(*(cp + i)) ? *(cp + i) : '.';
739 if (i == (length - 1)) {
744 for ( j = 0; j < 8 - rem; j++ )
747 fprintf(fh, " /* %s */\n};\n\n", ascii);
751 if (!((i + 1) % 8)) {
752 fprintf(fh, ", /* %s */\n", ascii);
753 memset(ascii, 0, sizeof(ascii));
763 * Find the data source for a specified field, and return a pointer
764 * to the data in it. Returns NULL if the data is out of bounds.
766 /* XXX: What am I missing ?
767 * Why bother searching for fi->ds_tvb for the matching tvb
768 * in the data_source list ?
769 * IOW: Why not just use fi->ds_tvb for the arg to tvb_get_ptr() ?
772 static const guint8 *
773 get_field_data(GSList *src_list, field_info *fi)
777 gint length, tvbuff_length;
778 struct data_source *src;
780 for (src_le = src_list; src_le != NULL; src_le = src_le->next) {
781 src = (struct data_source *)src_le->data;
782 src_tvb = get_data_source_tvb(src);
783 if (fi->ds_tvb == src_tvb) {
787 * XXX - a field can have a length that runs past
788 * the end of the tvbuff. Ideally, that should
789 * be fixed when adding an item to the protocol
790 * tree, but checking the length when doing
791 * that could be expensive. Until we fix that,
792 * we'll do the check here.
794 tvbuff_length = tvb_captured_length_remaining(src_tvb,
796 if (tvbuff_length < 0) {
800 if (length > tvbuff_length)
801 length = tvbuff_length;
802 return tvb_get_ptr(src_tvb, fi->start, length);
805 g_assert_not_reached();
806 return NULL; /* not found */
809 /* Print a string, escaping out certain characters that need to
810 * escaped out for XML. */
812 print_escaped_xml(FILE *fh, const char *unescaped_string)
817 for (p = unescaped_string; *p != '\0'; p++) {
835 if (g_ascii_isprint(*p))
838 g_snprintf(temp_str, sizeof(temp_str), "\\x%x", (guint8)*p);
846 pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi)
854 if (fi->length > tvb_captured_length_remaining(fi->ds_tvb, fi->start)) {
855 fprintf(pdata->fh, "field length invalid!");
859 /* Find the data for this field. */
860 pd = get_field_data(pdata->src_list, fi);
863 /* Print a simple hex dump */
864 for (i = 0 ; i < fi->length; i++) {
865 fprintf(pdata->fh, "%02x", pd[i]);
871 print_hex_data(print_stream_t *stream, epan_dissect_t *edt)
873 gboolean multiple_sources;
879 struct data_source *src;
882 * Set "multiple_sources" iff this frame has more than one
883 * data source; if it does, we need to print the name of
884 * the data source before printing the data from the
887 multiple_sources = (edt->pi.data_src->next != NULL);
889 for (src_le = edt->pi.data_src; src_le != NULL;
890 src_le = src_le->next) {
891 src = (struct data_source *)src_le->data;
892 tvb = get_data_source_tvb(src);
893 if (multiple_sources) {
894 name = get_data_source_name(src);
895 line = g_strdup_printf("%s:", name);
896 wmem_free(NULL, name);
897 print_line(stream, 0, line);
900 length = tvb_captured_length(tvb);
903 cp = tvb_get_ptr(tvb, 0, length);
904 if (!print_hex_data_buffer(stream, cp, length,
905 (packet_char_enc)edt->pi.fd->flags.encoding))
912 * This routine is based on a routine created by Dan Lasley
913 * <DLASLEY@PROMUS.com>.
915 * It was modified for Wireshark by Gilbert Ramirez and others.
918 #define MAX_OFFSET_LEN 8 /* max length of hex offset of bytes */
919 #define BYTES_PER_LINE 16 /* max byte values printed on a line */
920 #define HEX_DUMP_LEN (BYTES_PER_LINE*3)
921 /* max number of characters hex dump takes -
922 2 digits plus trailing blank */
923 #define DATA_DUMP_LEN (HEX_DUMP_LEN + 2 + BYTES_PER_LINE)
924 /* number of characters those bytes take;
925 3 characters per byte of hex dump,
926 2 blanks separating hex from ASCII,
927 1 character per byte of ASCII dump */
928 #define MAX_LINE_LEN (MAX_OFFSET_LEN + 2 + DATA_DUMP_LEN)
929 /* number of characters per line;
930 offset, 2 blanks separating offset
931 from data dump, data dump */
934 print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
935 guint length, packet_char_enc encoding)
937 register unsigned int ad, i, j, k, l;
939 gchar line[MAX_LINE_LEN + 1];
940 unsigned int use_digits;
942 static gchar binhex[16] = {
943 '0', '1', '2', '3', '4', '5', '6', '7',
944 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
947 * How many of the leading digits of the offset will we supply?
948 * We always supply at least 4 digits, but if the maximum offset
949 * won't fit in 4 digits, we use as many digits as will be needed.
951 if (((length - 1) & 0xF0000000) != 0)
952 use_digits = 8; /* need all 8 digits */
953 else if (((length - 1) & 0x0F000000) != 0)
954 use_digits = 7; /* need 7 digits */
955 else if (((length - 1) & 0x00F00000) != 0)
956 use_digits = 6; /* need 6 digits */
957 else if (((length - 1) & 0x000F0000) != 0)
958 use_digits = 5; /* need 5 digits */
960 use_digits = 4; /* we'll supply 4 digits */
969 * Start of a new line.
975 c = (ad >> (l*4)) & 0xF;
976 line[j++] = binhex[c];
980 memset(line+j, ' ', DATA_DUMP_LEN);
983 * Offset in line of ASCII dump.
985 k = j + HEX_DUMP_LEN + 2;
988 line[j++] = binhex[c>>4];
989 line[j++] = binhex[c&0xf];
991 if (encoding == PACKET_CHAR_ENC_CHAR_EBCDIC) {
992 c = EBCDIC_to_ASCII1(c);
994 line[k++] = ((c >= ' ') && (c < 0x7f)) ? c : '.';
996 if (((i & 15) == 0) || (i == length)) {
998 * We'll be starting a new line, or
999 * we're finished printing this buffer;
1000 * dump out the line we've constructed,
1001 * and advance the offset.
1004 if (!print_line(stream, 0, line))
1012 gsize output_fields_num_fields(output_fields_t* fields)
1016 if (NULL == fields->fields) {
1019 return fields->fields->len;
1023 void output_fields_free(output_fields_t* fields)
1027 if (NULL != fields->fields) {
1030 if (NULL != fields->field_indicies) {
1031 /* Keys are stored in fields->fields, values are
1034 g_hash_table_destroy(fields->field_indicies);
1037 if (NULL != fields->field_values) {
1038 g_free(fields->field_values);
1041 for(i = 0; i < fields->fields->len; ++i) {
1042 gchar* field = (gchar *)g_ptr_array_index(fields->fields,i);
1045 g_ptr_array_free(fields->fields, TRUE);
1051 #define COLUMN_FIELD_FILTER "_ws.col."
1053 void output_fields_add(output_fields_t *fields, const gchar *field)
1061 if (NULL == fields->fields) {
1062 fields->fields = g_ptr_array_new();
1065 field_copy = g_strdup(field);
1067 g_ptr_array_add(fields->fields, field_copy);
1069 /* See if we have a column as a field entry */
1070 if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
1071 fields->includes_col_fields = TRUE;
1076 output_field_check(void *data, void *user_data)
1078 gchar *field = (gchar *)data;
1079 GSList **invalid_fields = (GSList **)user_data;
1081 if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
1084 if (!proto_registrar_get_byname(field)) {
1085 *invalid_fields = g_slist_prepend(*invalid_fields, field);
1091 output_fields_valid(output_fields_t *fields)
1093 GSList *invalid_fields = NULL;
1094 if (fields->fields == NULL) {
1098 g_ptr_array_foreach(fields->fields, output_field_check, &invalid_fields);
1100 return invalid_fields;
1103 gboolean output_fields_set_option(output_fields_t *info, gchar *option)
1105 const gchar *option_name;
1106 const gchar *option_value;
1111 if ('\0' == *option) {
1112 return FALSE; /* this happens if we're called from tshark -E '' */
1114 option_name = strtok(option, "=");
1118 option_value = option + strlen(option_name) + 1;
1119 if (*option_value == '\0') {
1123 if (0 == strcmp(option_name, "header")) {
1124 switch (*option_value) {
1126 info->print_header = FALSE;
1129 info->print_header = TRUE;
1136 else if (0 == strcmp(option_name, "separator")) {
1137 switch (*option_value) {
1139 switch (*++option_value) {
1141 info->separator = '\t';
1144 info->separator = ' ';
1147 info->separator = '\\';
1151 info->separator = *option_value;
1156 else if (0 == strcmp(option_name, "occurrence")) {
1157 switch (*option_value) {
1161 info->occurrence = *option_value;
1168 else if (0 == strcmp(option_name, "aggregator")) {
1169 switch (*option_value) {
1171 switch (*++option_value) {
1173 info->aggregator = ' ';
1176 info->aggregator = '\\';
1180 info->aggregator = *option_value;
1185 else if (0 == strcmp(option_name, "quote")) {
1186 switch (*option_value) {
1206 void output_fields_list_options(FILE *fh)
1208 fprintf(fh, "TShark: The available options for field output \"E\" are:\n");
1209 fputs("header=y|n Print field abbreviations as first line of output (def: N: no)\n", fh);
1210 fputs("separator=/t|/s|<character> Set the separator to use;\n \"/t\" = tab, \"/s\" = space (def: /t: tab)\n", fh);
1211 fputs("occurrence=f|l|a Select the occurrence of a field to use;\n \"f\" = first, \"l\" = last, \"a\" = all (def: a: all)\n", fh);
1212 fputs("aggregator=,|/s|<character> Set the aggregator to use;\n \",\" = comma, \"/s\" = space (def: ,: comma)\n", fh);
1213 fputs("quote=d|s|n Print either d: double-quotes, s: single quotes or \n n: no quotes around field values (def: n: none)\n", fh);
1216 gboolean output_fields_has_cols(output_fields_t* fields)
1219 return fields->includes_col_fields;
1222 void write_fields_preamble(output_fields_t* fields, FILE *fh)
1228 g_assert(fields->fields);
1230 if (!fields->print_header) {
1234 for(i = 0; i < fields->fields->len; ++i) {
1235 const gchar* field = (const gchar *)g_ptr_array_index(fields->fields,i);
1237 fputc(fields->separator, fh);
1244 static void format_field_values(output_fields_t* fields, gpointer field_index, const gchar* value)
1252 /* Unwrap change made to disambiguiate zero / null */
1253 indx = GPOINTER_TO_UINT(field_index) - 1;
1255 if (fields->field_values[indx] == NULL) {
1256 fields->field_values[indx] = g_ptr_array_new();
1259 /* Essentially: fieldvalues[indx] is a 'GPtrArray *' with each array entry */
1260 /* pointing to a string which is (part of) the final output string. */
1262 fv_p = fields->field_values[indx];
1264 switch (fields->occurrence) {
1266 /* print the value of only the first occurrence of the field */
1267 if (g_ptr_array_len(fv_p) != 0)
1271 /* print the value of only the last occurrence of the field */
1272 g_ptr_array_set_size(fv_p, 0);
1275 /* print the value of all accurrences of the field */
1276 /* If not the first, add the 'aggregator' */
1277 if (g_ptr_array_len(fv_p) > 0) {
1278 g_ptr_array_add(fv_p, (gpointer)g_strdup_printf("%c", fields->aggregator));
1282 g_assert_not_reached();
1286 g_ptr_array_add(fv_p, (gpointer)value);
1289 static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
1291 write_field_data_t *call_data;
1293 gpointer field_index;
1295 call_data = (write_field_data_t *)data;
1296 fi = PNODE_FINFO(node);
1298 /* dissection with an invisible proto tree? */
1301 field_index = g_hash_table_lookup(call_data->fields->field_indicies, fi->hfinfo->abbrev);
1302 if (NULL != field_index) {
1303 format_field_values(call_data->fields, field_index,
1304 get_node_field_value(fi, call_data->edt) /* g_ alloc'd string */
1309 if (node->first_child != NULL) {
1310 proto_tree_children_foreach(node, proto_tree_get_node_field_values,
1315 void write_fields_proto_tree(output_fields_t *fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
1320 gpointer field_index;
1322 write_field_data_t data;
1325 g_assert(fields->fields);
1329 data.fields = fields;
1332 if (NULL == fields->field_indicies) {
1333 /* Prepare a lookup table from string abbreviation for field to its index. */
1334 fields->field_indicies = g_hash_table_new(g_str_hash, g_str_equal);
1337 while (i < fields->fields->len) {
1338 gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
1339 /* Store field indicies +1 so that zero is not a valid value,
1340 * and can be distinguished from NULL as a pointer.
1343 g_hash_table_insert(fields->field_indicies, field, GUINT_TO_POINTER(i));
1347 /* Array buffer to store values for this packet */
1348 /* Allocate an array for the 'GPtrarray *' the first time */
1349 /* ths function is invoked for a file; */
1350 /* Any and all 'GPtrArray *' are freed (after use) each */
1351 /* time (each packet) this function is invoked for a flle. */
1352 /* XXX: ToDo: use packet-scope'd memory & (if/when implemented) wmem ptr_array */
1353 if (NULL == fields->field_values)
1354 fields->field_values = g_new0(GPtrArray*, fields->fields->len); /* free'd in output_fields_free() */
1356 proto_tree_children_foreach(edt->tree, proto_tree_get_node_field_values,
1359 if (fields->includes_col_fields) {
1360 for (col = 0; col < cinfo->num_cols; col++) {
1361 /* Prepend COLUMN_FIELD_FILTER as the field name */
1362 col_name = g_strdup_printf("%s%s", COLUMN_FIELD_FILTER, cinfo->columns[col].col_title);
1363 field_index = g_hash_table_lookup(fields->field_indicies, col_name);
1366 if (NULL != field_index) {
1367 format_field_values(fields, field_index, g_strdup(cinfo->columns[col].col_data));
1372 for(i = 0; i < fields->fields->len; ++i) {
1374 fputc(fields->separator, fh);
1376 if (NULL != fields->field_values[i]) {
1380 fv_p = fields->field_values[i];
1381 if (fields->quote != '\0') {
1382 fputc(fields->quote, fh);
1385 /* Output the array of (partial) field values */
1386 for (j = 0; j < g_ptr_array_len(fv_p); j++ ) {
1387 str = (gchar *)g_ptr_array_index(fv_p, j);
1391 if (fields->quote != '\0') {
1392 fputc(fields->quote, fh);
1394 g_ptr_array_free(fv_p, TRUE); /* get ready for the next packet */
1395 fields->field_values[i] = NULL;
1400 void write_fields_finale(output_fields_t* fields _U_ , FILE *fh _U_)
1405 /* Returns an g_malloced string */
1406 gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
1408 if (fi->hfinfo->id == hf_text_only) {
1412 return g_strdup(fi->rep->representation);
1415 return get_field_hex_value(edt->pi.data_src, fi);
1418 else if (fi->hfinfo->id == proto_data) {
1419 /* Uninterpreted data, i.e., the "Data" protocol, is
1420 * printed as a field instead of a protocol. */
1421 return get_field_hex_value(edt->pi.data_src, fi);
1424 /* Normal protocols and fields */
1425 gchar *dfilter_string;
1427 switch (fi->hfinfo->type)
1430 /* Print out the full details for the protocol. */
1432 return g_strdup(fi->rep->representation);
1434 /* Just print out the protocol abbreviation */
1435 return g_strdup(fi->hfinfo->abbrev);
1438 /* Return "1" so that the presence of a field of type
1439 * FT_NONE can be checked when using -T fields */
1440 return g_strdup("1");
1442 dfilter_string = fvalue_to_string_repr(&fi->value, FTREPR_DISPLAY, fi->hfinfo->display, NULL);
1443 if (dfilter_string != NULL) {
1444 return dfilter_string;
1446 return get_field_hex_value(edt->pi.data_src, fi);
1453 get_field_hex_value(GSList *src_list, field_info *fi)
1460 if (fi->length > tvb_captured_length_remaining(fi->ds_tvb, fi->start)) {
1461 return g_strdup("field length invalid!");
1464 /* Find the data for this field. */
1465 pd = get_field_data(src_list, fi);
1472 const int chars_per_byte = 2;
1474 len = chars_per_byte * fi->length;
1475 buffer = (gchar *)g_malloc(sizeof(gchar)*(len + 1));
1476 buffer[len] = '\0'; /* Ensure NULL termination in bad cases */
1478 /* Print a simple hex dump */
1479 for (i = 0 ; i < fi->length; i++) {
1480 g_snprintf(p, chars_per_byte+1, "%02x", pd[i]);
1481 p += chars_per_byte;
1489 output_fields_t* output_fields_new(void)
1491 output_fields_t* fields = g_new(output_fields_t, 1);
1492 fields->print_header = FALSE;
1493 fields->separator = '\t';
1494 fields->occurrence = 'a';
1495 fields->aggregator = ',';
1496 fields->fields = NULL; /*Do lazy initialisation */
1497 fields->field_indicies = NULL;
1498 fields->field_values = NULL;
1499 fields->quote ='\0';
1500 fields->includes_col_fields = FALSE;
1505 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1510 * indent-tabs-mode: nil
1513 * vi: set shiftwidth=4 tabstop=8 expandtab:
1514 * :indentSize=4:tabSize=8:noTabs=true:
git.samba.org / metze / wireshark / wip.git / blob