2 * Routines for printing packet analysis trees.
4 * Gilbert Ramirez <gram@alumni.rice.edu>
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <epan/packet.h>
31 #include <epan/epan.h>
32 #include <epan/epan_dissect.h>
33 #include <epan/to_str.h>
34 #include <epan/expert.h>
35 #include <epan/packet-range.h>
36 #include <epan/print.h>
37 #include <epan/charsets.h>
38 #include <wsutil/filesystem.h>
39 #include <wsutil/ws_version_info.h>
40 #include <ftypes/ftypes-int.h>
42 #define PDML_VERSION "0"
43 #define PSML_VERSION "0"
47 print_stream_t *stream;
50 print_dissections_e print_dissections;
51 gboolean print_hex_for_data;
52 packet_char_enc encoding;
54 GHashTable *output_only_tables; /* output only these protocols */
65 output_fields_t *fields;
69 struct _output_fields {
70 gboolean print_header;
75 GHashTable *field_indicies;
76 GPtrArray **field_values;
78 gboolean includes_col_fields;
81 static gchar *get_field_hex_value(GSList *src_list, field_info *fi);
82 static void proto_tree_print_node(proto_node *node, gpointer data);
83 static void proto_tree_write_node_pdml(proto_node *node, gpointer data);
84 static const guint8 *get_field_data(GSList *src_list, field_info *fi);
85 static void pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi);
86 static gboolean print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
87 guint length, packet_char_enc encoding);
88 static void print_escaped_xml(FILE *fh, const char *unescaped_string);
90 static void print_pdml_geninfo(proto_tree *tree, FILE *fh);
92 static void proto_tree_get_node_field_values(proto_node *node, gpointer data);
94 /* Cache the protocols and field handles that the print functionality needs
95 This helps break explicit dependency on the dissectors. */
96 static int proto_data = -1;
97 static int proto_frame = -1;
98 static int hf_frame_arrival_time = -1;
99 static int hf_frame_number = -1;
100 static int hf_frame_len = -1;
101 static int hf_frame_capture_len = -1;
103 void print_cache_field_handles(void)
105 proto_data = proto_get_id_by_short_name("Data");
106 proto_frame = proto_get_id_by_short_name("Frame");
107 hf_frame_arrival_time = proto_registrar_get_id_byname("frame.time");
108 hf_frame_number = proto_registrar_get_id_byname("frame.number");
109 hf_frame_len = proto_registrar_get_id_byname("frame.len");
110 hf_frame_capture_len = proto_registrar_get_id_byname("frame.cap_len");
114 proto_tree_print(print_args_t *print_args, epan_dissect_t *edt,
115 GHashTable *output_only_tables, print_stream_t *stream)
119 /* Create the output */
121 data.stream = stream;
123 data.src_list = edt->pi.data_src;
124 data.encoding = edt->pi.fd->flags.encoding;
125 data.print_dissections = print_args->print_dissections;
126 /* If we're printing the entire packet in hex, don't
127 print uninterpreted data fields in hex as well. */
128 data.print_hex_for_data = !print_args->print_hex;
130 data.output_only_tables = output_only_tables;
132 proto_tree_children_foreach(edt->tree, proto_tree_print_node, &data);
136 /* Print a tree's data, and any child nodes. */
138 proto_tree_print_node(proto_node *node, gpointer data)
140 field_info *fi = PNODE_FINFO(node);
141 print_data *pdata = (print_data*) data;
143 gchar label_str[ITEM_LABEL_LENGTH];
146 /* dissection with an invisible proto tree? */
149 /* Don't print invisible entries. */
150 if (PROTO_ITEM_IS_HIDDEN(node))
153 /* Give up if we've already gotten an error. */
157 /* was a free format label produced? */
159 label_ptr = fi->rep->representation;
161 else { /* no, make a generic label */
162 label_ptr = label_str;
163 proto_item_fill_label(fi, label_str);
166 if (PROTO_ITEM_IS_GENERATED(node))
167 label_ptr = g_strconcat("[", label_ptr, "]", NULL);
169 pdata->success = print_line(pdata->stream, pdata->level, label_ptr);
171 if (PROTO_ITEM_IS_GENERATED(node))
178 * If -O is specified, only display the protocols which are in the
179 * lookup table. Only check on the first level: once we start printing
180 * a tree, print the rest of the subtree. Otherwise we won't print
181 * subitems whose abbreviation doesn't match the protocol--for example
182 * text items (whose abbreviation is simply "text").
184 if ((pdata->output_only_tables != NULL) && (pdata->level == 0)
185 && (g_hash_table_lookup(pdata->output_only_tables, fi->hfinfo->abbrev) == NULL)) {
189 /* If it's uninterpreted data, dump it (unless our caller will
190 be printing the entire packet in hex). */
191 if ((fi->hfinfo->id == proto_data) && (pdata->print_hex_for_data)) {
193 * Find the data for this field.
195 pd = get_field_data(pdata->src_list, fi);
197 if (!print_line(pdata->stream, 0, "")) {
198 pdata->success = FALSE;
201 if (!print_hex_data_buffer(pdata->stream, pd,
202 fi->length, pdata->encoding)) {
203 pdata->success = FALSE;
209 /* If we're printing all levels, or if this node is one with a
210 subtree and its subtree is expanded, recurse into the subtree,
212 g_assert((fi->tree_type >= -1) && (fi->tree_type < num_tree_types));
213 if ((pdata->print_dissections == print_dissections_expanded) ||
214 ((pdata->print_dissections == print_dissections_as_displayed) &&
215 (fi->tree_type >= 0) && tree_expanded(fi->tree_type))) {
216 if (node->first_child != NULL) {
218 proto_tree_children_foreach(node,
219 proto_tree_print_node, pdata);
227 #define PDML2HTML_XSL "pdml2html.xsl"
229 write_pdml_preamble(FILE *fh, const gchar *filename)
231 time_t t = time(NULL);
232 char *ts = asctime(localtime(&t));
234 ts[strlen(ts)-1] = 0; /* overwrite \n */
236 fputs("<?xml version=\"1.0\"?>\n", fh);
237 fputs("<?xml-stylesheet type=\"text/xsl\" href=\"" PDML2HTML_XSL "\"?>\n", fh);
238 fprintf(fh, "<!-- You can find " PDML2HTML_XSL " in %s or at https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=" PDML2HTML_XSL ". -->\n", get_datafile_dir());
239 fputs("<pdml version=\"" PDML_VERSION "\" ", fh);
240 fprintf(fh, "creator=\"%s/%s\" time=\"%s\" capture_file=\"%s\">\n", PACKAGE, VERSION, ts, filename ? filename : "");
244 write_pdml_proto_tree(epan_dissect_t *edt, FILE *fh)
246 write_pdml_data data;
248 /* Create the output */
251 data.src_list = edt->pi.data_src;
254 fprintf(fh, "<packet>\n");
256 /* Print a "geninfo" protocol as required by PDML */
257 print_pdml_geninfo(edt->tree, fh);
259 proto_tree_children_foreach(edt->tree, proto_tree_write_node_pdml,
262 fprintf(fh, "</packet>\n\n");
265 /* Write out a tree's data, and any child nodes, as PDML */
267 proto_tree_write_node_pdml(proto_node *node, gpointer data)
269 field_info *fi = PNODE_FINFO(node);
270 write_pdml_data *pdata = (write_pdml_data*) data;
271 const gchar *label_ptr;
272 gchar label_str[ITEM_LABEL_LENGTH];
273 char *dfilter_string;
275 gboolean wrap_in_fake_protocol;
277 /* dissection with an invisible proto tree? */
280 /* Will wrap up top-level field items inside a fake protocol wrapper to
281 preserve the PDML schema */
282 wrap_in_fake_protocol =
283 (((fi->hfinfo->type != FT_PROTOCOL) ||
284 (fi->hfinfo->id == proto_data)) &&
285 (pdata->level == 0));
287 /* Indent to the correct level */
288 for (i = -1; i < pdata->level; i++) {
289 fputs(" ", pdata->fh);
292 if (wrap_in_fake_protocol) {
293 /* Open fake protocol wrapper */
294 fputs("<proto name=\"fake-field-wrapper\">\n", pdata->fh);
296 /* Indent to increased level before writing out field */
298 for (i = -1; i < pdata->level; i++) {
299 fputs(" ", pdata->fh);
303 /* Text label. It's printed as a field with no name. */
304 if (fi->hfinfo->id == hf_text_only) {
307 label_ptr = fi->rep->representation;
313 /* Show empty name since it is a required field */
314 fputs("<field name=\"", pdata->fh);
315 fputs("\" show=\"", pdata->fh);
316 print_escaped_xml(pdata->fh, label_ptr);
318 fprintf(pdata->fh, "\" size=\"%d", fi->length);
319 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
320 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
322 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
325 if (fi->length > 0) {
326 fputs("\" value=\"", pdata->fh);
327 pdml_write_field_hex_value(pdata, fi);
330 if (node->first_child != NULL) {
331 fputs("\">\n", pdata->fh);
334 fputs("\"/>\n", pdata->fh);
338 /* Uninterpreted data, i.e., the "Data" protocol, is
339 * printed as a field instead of a protocol. */
340 else if (fi->hfinfo->id == proto_data) {
342 /* Write out field with data */
343 fputs("<field name=\"data\" value=\"", pdata->fh);
344 pdml_write_field_hex_value(pdata, fi);
345 fputs("\">\n", pdata->fh);
347 /* Normal protocols and fields */
349 if ((fi->hfinfo->type == FT_PROTOCOL) && (fi->hfinfo->id != proto_expert)) {
350 fputs("<proto name=\"", pdata->fh);
353 fputs("<field name=\"", pdata->fh);
355 print_escaped_xml(pdata->fh, fi->hfinfo->abbrev);
359 * http://www.nbee.org/doku.php?id=netpdl:pdml_specification
361 * the show fields contains things in 'human readable' format
362 * showname: contains only the name of the field
363 * show: contains only the data of the field
364 * showdtl: contains additional details of the field data
365 * showmap: contains mappings of the field data (e.g. the hostname to an IP address)
367 * XXX - the showname shouldn't contain the field data itself
368 * (like it's contained in the fi->rep->representation).
369 * Unfortunately, we don't have the field data representation for
370 * all fields, so this isn't currently possible */
371 fputs("\" showname=\"", pdata->fh);
372 print_escaped_xml(pdata->fh, fi->hfinfo->name);
376 fputs("\" showname=\"", pdata->fh);
377 print_escaped_xml(pdata->fh, fi->rep->representation);
380 label_ptr = label_str;
381 proto_item_fill_label(fi, label_str);
382 fputs("\" showname=\"", pdata->fh);
383 print_escaped_xml(pdata->fh, label_ptr);
386 if (PROTO_ITEM_IS_HIDDEN(node))
387 fprintf(pdata->fh, "\" hide=\"yes");
389 fprintf(pdata->fh, "\" size=\"%d", fi->length);
390 if (node->parent && node->parent->finfo && (fi->start < node->parent->finfo->start)) {
391 fprintf(pdata->fh, "\" pos=\"%d", node->parent->finfo->start + fi->start);
393 fprintf(pdata->fh, "\" pos=\"%d", fi->start);
395 /* fprintf(pdata->fh, "\" id=\"%d", fi->hfinfo->id);*/
397 /* show, value, and unmaskedvalue attributes */
398 switch (fi->hfinfo->type)
403 fputs("\" show=\"\" value=\"", pdata->fh);
406 dfilter_string = fvalue_to_string_repr(&fi->value, FTREPR_DISPLAY, fi->hfinfo->display, NULL);
407 if (dfilter_string != NULL) {
409 fputs("\" show=\"", pdata->fh);
410 print_escaped_xml(pdata->fh, dfilter_string);
412 g_free(dfilter_string);
415 * XXX - should we omit "value" for any fields?
416 * What should we do for fields whose length is 0?
417 * They might come from a pseudo-header or from
418 * the capture header (e.g., time stamps), or
419 * they might be generated fields.
421 if (fi->length > 0) {
422 fputs("\" value=\"", pdata->fh);
424 if (fi->hfinfo->bitmask!=0) {
425 switch (fi->value.ftype->ftype) {
430 fprintf(pdata->fh, "%X", (guint) fvalue_get_sinteger(&fi->value));
437 fprintf(pdata->fh, "%X", fvalue_get_uinteger(&fi->value));
443 fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_sinteger64(&fi->value));
449 fprintf(pdata->fh, "%" G_GINT64_MODIFIER "X", fvalue_get_uinteger64(&fi->value));
452 g_assert_not_reached();
454 fputs("\" unmaskedvalue=\"", pdata->fh);
455 pdml_write_field_hex_value(pdata, fi);
458 pdml_write_field_hex_value(pdata, fi);
463 if (node->first_child != NULL) {
464 fputs("\">\n", pdata->fh);
466 else if (fi->hfinfo->id == proto_data) {
467 fputs("\">\n", pdata->fh);
470 fputs("\"/>\n", pdata->fh);
474 /* We always print all levels for PDML. Recurse here. */
475 if (node->first_child != NULL) {
477 proto_tree_children_foreach(node,
478 proto_tree_write_node_pdml, pdata);
482 /* Take back the extra level we added for fake wrapper protocol */
483 if (wrap_in_fake_protocol) {
487 if (node->first_child != NULL) {
488 /* Indent to correct level */
489 for (i = -1; i < pdata->level; i++) {
490 fputs(" ", pdata->fh);
492 /* Close off current element */
493 /* Data and expert "protocols" use simple tags */
494 if ((fi->hfinfo->id != proto_data) && (fi->hfinfo->id != proto_expert)) {
495 if (fi->hfinfo->type == FT_PROTOCOL) {
496 fputs("</proto>\n", pdata->fh);
499 fputs("</field>\n", pdata->fh);
502 fputs("</field>\n", pdata->fh);
506 /* Close off fake wrapper protocol */
507 if (wrap_in_fake_protocol) {
508 fputs("</proto>\n", pdata->fh);
512 /* Print info for a 'geninfo' pseudo-protocol. This is required by
513 * the PDML spec. The information is contained in Wireshark's 'frame' protocol,
514 * but we produce a 'geninfo' protocol in the PDML to conform to spec.
515 * The 'frame' protocol follows the 'geninfo' protocol in the PDML. */
517 print_pdml_geninfo(proto_tree *tree, FILE *fh)
519 guint32 num, len, caplen;
521 GPtrArray *finfo_array;
522 field_info *frame_finfo;
525 /* Get frame protocol's finfo. */
526 finfo_array = proto_find_finfo(tree, proto_frame);
527 if (g_ptr_array_len(finfo_array) < 1) {
530 frame_finfo = (field_info *)finfo_array->pdata[0];
531 g_ptr_array_free(finfo_array, TRUE);
533 /* frame.number --> geninfo.num */
534 finfo_array = proto_find_finfo(tree, hf_frame_number);
535 if (g_ptr_array_len(finfo_array) < 1) {
538 num = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
539 g_ptr_array_free(finfo_array, TRUE);
541 /* frame.frame_len --> geninfo.len */
542 finfo_array = proto_find_finfo(tree, hf_frame_len);
543 if (g_ptr_array_len(finfo_array) < 1) {
546 len = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
547 g_ptr_array_free(finfo_array, TRUE);
549 /* frame.cap_len --> geninfo.caplen */
550 finfo_array = proto_find_finfo(tree, hf_frame_capture_len);
551 if (g_ptr_array_len(finfo_array) < 1) {
554 caplen = fvalue_get_uinteger(&((field_info*)finfo_array->pdata[0])->value);
555 g_ptr_array_free(finfo_array, TRUE);
557 /* frame.time --> geninfo.timestamp */
558 finfo_array = proto_find_finfo(tree, hf_frame_arrival_time);
559 if (g_ptr_array_len(finfo_array) < 1) {
562 timestamp = (nstime_t *)fvalue_get(&((field_info*)finfo_array->pdata[0])->value);
563 g_ptr_array_free(finfo_array, TRUE);
565 /* Print geninfo start */
567 " <proto name=\"geninfo\" pos=\"0\" showname=\"General information\" size=\"%d\">\n",
568 frame_finfo->length);
570 /* Print geninfo.num */
572 " <field name=\"num\" pos=\"0\" show=\"%u\" showname=\"Number\" value=\"%x\" size=\"%d\"/>\n",
573 num, num, frame_finfo->length);
575 /* Print geninfo.len */
577 " <field name=\"len\" pos=\"0\" show=\"%u\" showname=\"Frame Length\" value=\"%x\" size=\"%d\"/>\n",
578 len, len, frame_finfo->length);
580 /* Print geninfo.caplen */
582 " <field name=\"caplen\" pos=\"0\" show=\"%u\" showname=\"Captured Length\" value=\"%x\" size=\"%d\"/>\n",
583 caplen, caplen, frame_finfo->length);
585 tmp = abs_time_to_str(NULL, timestamp, ABSOLUTE_TIME_LOCAL, TRUE);
587 /* Print geninfo.timestamp */
589 " <field name=\"timestamp\" pos=\"0\" show=\"%s\" showname=\"Captured Time\" value=\"%d.%09d\" size=\"%d\"/>\n",
590 tmp, (int) timestamp->secs, timestamp->nsecs, frame_finfo->length);
592 wmem_free(NULL, tmp);
594 /* Print geninfo end */
600 write_pdml_finale(FILE *fh)
602 fputs("</pdml>\n", fh);
606 write_psml_preamble(column_info *cinfo, FILE *fh)
610 fputs("<?xml version=\"1.0\"?>\n", fh);
611 fputs("<psml version=\"" PSML_VERSION "\" ", fh);
612 fprintf(fh, "creator=\"%s/%s\">\n", PACKAGE, VERSION);
613 fprintf(fh, "<structure>\n");
615 for (i = 0; i < cinfo->num_cols; i++) {
616 fprintf(fh, "<section>");
617 print_escaped_xml(fh, cinfo->col_title[i]);
618 fprintf(fh, "</section>\n");
621 fprintf(fh, "</structure>\n\n");
625 write_psml_columns(epan_dissect_t *edt, FILE *fh)
629 fprintf(fh, "<packet>\n");
631 for (i = 0; i < edt->pi.cinfo->num_cols; i++) {
632 fprintf(fh, "<section>");
633 print_escaped_xml(fh, edt->pi.cinfo->col_data[i]);
634 fprintf(fh, "</section>\n");
637 fprintf(fh, "</packet>\n\n");
641 write_psml_finale(FILE *fh)
643 fputs("</psml>\n", fh);
646 static gchar *csv_massage_str(const gchar *source, const gchar *exceptions)
651 /* In general, our output for any field can contain Unicode characters,
652 so g_strescape (which escapes any non-ASCII) is the wrong thing to do.
653 Unfortunately glib doesn't appear to provide g_unicode_strescape()... */
654 csv_str = g_strescape(source, exceptions);
656 /* Locate the UTF-8 right arrow character and replace it by an ASCII equivalent */
657 while ( (tmp_str = strstr(tmp_str, "\xe2\x86\x92")) != NULL ) {
663 while ( (tmp_str = strstr(tmp_str, "\\\"")) != NULL )
668 static void csv_write_str(const char *str, char sep, FILE *fh)
672 /* Do not escape the UTF-8 righ arrow character */
673 csv_str = csv_massage_str(str, "\xe2\x86\x92");
674 fprintf(fh, "\"%s\"%c", csv_str, sep);
679 write_csv_column_titles(column_info *cinfo, FILE *fh)
683 for (i = 0; i < cinfo->num_cols - 1; i++)
684 csv_write_str(cinfo->col_title[i], ',', fh);
685 csv_write_str(cinfo->col_title[i], '\n', fh);
689 write_csv_columns(epan_dissect_t *edt, FILE *fh)
693 for (i = 0; i < edt->pi.cinfo->num_cols - 1; i++)
694 csv_write_str(edt->pi.cinfo->col_data[i], ',', fh);
695 csv_write_str(edt->pi.cinfo->col_data[i], '\n', fh);
699 write_carrays_hex_data(guint32 num, FILE *fh, epan_dissect_t *edt)
701 guint32 i = 0, src_num = 0;
708 struct data_source *src;
710 for (src_le = edt->pi.data_src; src_le != NULL; src_le = src_le->next) {
711 memset(ascii, 0, sizeof(ascii));
712 src = (struct data_source *)src_le->data;
713 tvb = get_data_source_tvb(src);
714 length = tvb_length(tvb);
718 cp = tvb_get_ptr(tvb, 0, length);
720 name = get_data_source_name(src);
722 fprintf(fh, "/* %s */\n", name);
723 wmem_free(NULL, name);
726 fprintf(fh, "static const unsigned char pkt%u_%u[%u] = {\n",
727 num, src_num, length);
729 fprintf(fh, "static const unsigned char pkt%u[%u] = {\n",
734 for (i = 0; i < length; i++) {
735 fprintf(fh, "0x%02x", *(cp + i));
736 ascii[i % 8] = g_ascii_isprint(*(cp + i)) ? *(cp + i) : '.';
738 if (i == (length - 1)) {
743 for ( j = 0; j < 8 - rem; j++ )
746 fprintf(fh, " /* %s */\n};\n\n", ascii);
750 if (!((i + 1) % 8)) {
751 fprintf(fh, ", /* %s */\n", ascii);
752 memset(ascii, 0, sizeof(ascii));
762 * Find the data source for a specified field, and return a pointer
763 * to the data in it. Returns NULL if the data is out of bounds.
765 /* XXX: What am I missing ?
766 * Why bother searching for fi->ds_tvb for the matching tvb
767 * in the data_source list ?
768 * IOW: Why not just use fi->ds_tvb for the arg to tvb_get_ptr() ?
771 static const guint8 *
772 get_field_data(GSList *src_list, field_info *fi)
776 gint length, tvbuff_length;
777 struct data_source *src;
779 for (src_le = src_list; src_le != NULL; src_le = src_le->next) {
780 src = (struct data_source *)src_le->data;
781 src_tvb = get_data_source_tvb(src);
782 if (fi->ds_tvb == src_tvb) {
786 * XXX - a field can have a length that runs past
787 * the end of the tvbuff. Ideally, that should
788 * be fixed when adding an item to the protocol
789 * tree, but checking the length when doing
790 * that could be expensive. Until we fix that,
791 * we'll do the check here.
793 tvbuff_length = tvb_length_remaining(src_tvb,
795 if (tvbuff_length < 0) {
799 if (length > tvbuff_length)
800 length = tvbuff_length;
801 return tvb_get_ptr(src_tvb, fi->start, length);
804 g_assert_not_reached();
805 return NULL; /* not found */
808 /* Print a string, escaping out certain characters that need to
809 * escaped out for XML. */
811 print_escaped_xml(FILE *fh, const char *unescaped_string)
816 for (p = unescaped_string; *p != '\0'; p++) {
834 if (g_ascii_isprint(*p))
837 g_snprintf(temp_str, sizeof(temp_str), "\\x%x", (guint8)*p);
845 pdml_write_field_hex_value(write_pdml_data *pdata, field_info *fi)
853 if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
854 fprintf(pdata->fh, "field length invalid!");
858 /* Find the data for this field. */
859 pd = get_field_data(pdata->src_list, fi);
862 /* Print a simple hex dump */
863 for (i = 0 ; i < fi->length; i++) {
864 fprintf(pdata->fh, "%02x", pd[i]);
870 print_hex_data(print_stream_t *stream, epan_dissect_t *edt)
872 gboolean multiple_sources;
878 struct data_source *src;
881 * Set "multiple_sources" iff this frame has more than one
882 * data source; if it does, we need to print the name of
883 * the data source before printing the data from the
886 multiple_sources = (edt->pi.data_src->next != NULL);
888 for (src_le = edt->pi.data_src; src_le != NULL;
889 src_le = src_le->next) {
890 src = (struct data_source *)src_le->data;
891 tvb = get_data_source_tvb(src);
892 if (multiple_sources) {
893 name = get_data_source_name(src);
894 line = g_strdup_printf("%s:", name);
895 wmem_free(NULL, name);
896 print_line(stream, 0, line);
899 length = tvb_length(tvb);
902 cp = tvb_get_ptr(tvb, 0, length);
903 if (!print_hex_data_buffer(stream, cp, length,
904 edt->pi.fd->flags.encoding))
911 * This routine is based on a routine created by Dan Lasley
912 * <DLASLEY@PROMUS.com>.
914 * It was modified for Wireshark by Gilbert Ramirez and others.
917 #define MAX_OFFSET_LEN 8 /* max length of hex offset of bytes */
918 #define BYTES_PER_LINE 16 /* max byte values printed on a line */
919 #define HEX_DUMP_LEN (BYTES_PER_LINE*3)
920 /* max number of characters hex dump takes -
921 2 digits plus trailing blank */
922 #define DATA_DUMP_LEN (HEX_DUMP_LEN + 2 + BYTES_PER_LINE)
923 /* number of characters those bytes take;
924 3 characters per byte of hex dump,
925 2 blanks separating hex from ASCII,
926 1 character per byte of ASCII dump */
927 #define MAX_LINE_LEN (MAX_OFFSET_LEN + 2 + DATA_DUMP_LEN)
928 /* number of characters per line;
929 offset, 2 blanks separating offset
930 from data dump, data dump */
933 print_hex_data_buffer(print_stream_t *stream, const guchar *cp,
934 guint length, packet_char_enc encoding)
936 register unsigned int ad, i, j, k, l;
938 gchar line[MAX_LINE_LEN + 1];
939 unsigned int use_digits;
941 static gchar binhex[16] = {
942 '0', '1', '2', '3', '4', '5', '6', '7',
943 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
946 * How many of the leading digits of the offset will we supply?
947 * We always supply at least 4 digits, but if the maximum offset
948 * won't fit in 4 digits, we use as many digits as will be needed.
950 if (((length - 1) & 0xF0000000) != 0)
951 use_digits = 8; /* need all 8 digits */
952 else if (((length - 1) & 0x0F000000) != 0)
953 use_digits = 7; /* need 7 digits */
954 else if (((length - 1) & 0x00F00000) != 0)
955 use_digits = 6; /* need 6 digits */
956 else if (((length - 1) & 0x000F0000) != 0)
957 use_digits = 5; /* need 5 digits */
959 use_digits = 4; /* we'll supply 4 digits */
968 * Start of a new line.
974 c = (ad >> (l*4)) & 0xF;
975 line[j++] = binhex[c];
979 memset(line+j, ' ', DATA_DUMP_LEN);
982 * Offset in line of ASCII dump.
984 k = j + HEX_DUMP_LEN + 2;
987 line[j++] = binhex[c>>4];
988 line[j++] = binhex[c&0xf];
990 if (encoding == PACKET_CHAR_ENC_CHAR_EBCDIC) {
991 c = EBCDIC_to_ASCII1(c);
993 line[k++] = ((c >= ' ') && (c < 0x7f)) ? c : '.';
995 if (((i & 15) == 0) || (i == length)) {
997 * We'll be starting a new line, or
998 * we're finished printing this buffer;
999 * dump out the line we've constructed,
1000 * and advance the offset.
1003 if (!print_line(stream, 0, line))
1011 gsize output_fields_num_fields(output_fields_t* fields)
1015 if (NULL == fields->fields) {
1018 return fields->fields->len;
1022 void output_fields_free(output_fields_t* fields)
1026 if (NULL != fields->fields) {
1029 if (NULL != fields->field_indicies) {
1030 /* Keys are stored in fields->fields, values are
1033 g_hash_table_destroy(fields->field_indicies);
1036 if (NULL != fields->field_values) {
1037 g_free(fields->field_values);
1040 for(i = 0; i < fields->fields->len; ++i) {
1041 gchar* field = (gchar *)g_ptr_array_index(fields->fields,i);
1044 g_ptr_array_free(fields->fields, TRUE);
1050 #define COLUMN_FIELD_FILTER "_ws.col."
1052 void output_fields_add(output_fields_t *fields, const gchar *field)
1060 if (NULL == fields->fields) {
1061 fields->fields = g_ptr_array_new();
1064 field_copy = g_strdup(field);
1066 g_ptr_array_add(fields->fields, field_copy);
1068 /* See if we have a column as a field entry */
1069 if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
1070 fields->includes_col_fields = TRUE;
1075 output_field_check(void *data, void *user_data)
1077 gchar *field = (gchar *)data;
1078 gboolean *all_valid = (gboolean *)user_data;
1080 if (!strncmp(field, COLUMN_FIELD_FILTER, strlen(COLUMN_FIELD_FILTER)))
1083 if (!proto_registrar_get_byname(field)) {
1084 g_warning("'%s' isn't a valid field!", field);
1091 output_fields_valid(output_fields_t *fields)
1093 gboolean all_valid = TRUE;
1095 if (fields->fields == NULL) {
1099 g_ptr_array_foreach(fields->fields, output_field_check, &all_valid);
1104 gboolean output_fields_set_option(output_fields_t *info, gchar *option)
1106 const gchar *option_name;
1107 const gchar *option_value;
1112 if ('\0' == *option) {
1113 return FALSE; /* Is this guarded against by option parsing? */
1115 option_name = strtok(option, "=");
1119 option_value = option + strlen(option_name) + 1;
1120 if (0 == strcmp(option_name, "header")) {
1121 switch (NULL == option_value ? '\0' : *option_value) {
1123 info->print_header = FALSE;
1126 info->print_header = TRUE;
1134 if (0 == strcmp(option_name, "separator")) {
1135 switch (NULL == option_value ? '\0' : *option_value) {
1139 switch (*++option_value) {
1141 info->separator = '\t';
1144 info->separator = ' ';
1147 info->separator = '\\';
1151 info->separator = *option_value;
1157 if (0 == strcmp(option_name, "occurrence")) {
1158 switch (NULL == option_value ? '\0' : *option_value) {
1162 info->occurrence = *option_value;
1170 if (0 == strcmp(option_name, "aggregator")) {
1171 switch (NULL == option_value ? '\0' : *option_value) {
1175 switch (*++option_value) {
1177 info->aggregator = ' ';
1180 info->aggregator = '\\';
1184 info->aggregator = *option_value;
1190 if (0 == strcmp(option_name, "quote")) {
1191 switch (NULL == option_value ? '\0' : *option_value) {
1192 default: /* Fall through */
1212 void output_fields_list_options(FILE *fh)
1214 fprintf(fh, "TShark: The available options for field output \"E\" are:\n");
1215 fputs("header=y|n Print field abbreviations as first line of output (def: N: no)\n", fh);
1216 fputs("separator=/t|/s|<character> Set the separator to use;\n \"/t\" = tab, \"/s\" = space (def: /t: tab)\n", fh);
1217 fputs("occurrence=f|l|a Select the occurrence of a field to use;\n \"f\" = first, \"l\" = last, \"a\" = all (def: a: all)\n", fh);
1218 fputs("aggregator=,|/s|<character> Set the aggregator to use;\n \",\" = comma, \"/s\" = space (def: ,: comma)\n", fh);
1219 fputs("quote=d|s|n Print either d: double-quotes, s: single quotes or \n n: no quotes around field values (def: n: none)\n", fh);
1222 gboolean output_fields_has_cols(output_fields_t* fields)
1225 return fields->includes_col_fields;
1228 void write_fields_preamble(output_fields_t* fields, FILE *fh)
1234 g_assert(fields->fields);
1236 if (!fields->print_header) {
1240 for(i = 0; i < fields->fields->len; ++i) {
1241 const gchar* field = (const gchar *)g_ptr_array_index(fields->fields,i);
1243 fputc(fields->separator, fh);
1250 static void format_field_values(output_fields_t* fields, gpointer field_index, const gchar* value)
1255 if ((NULL == value) || ('\0' == *value))
1258 /* Unwrap change made to disambiguiate zero / null */
1259 indx = GPOINTER_TO_UINT(field_index) - 1;
1261 if (fields->field_values[indx] == NULL) {
1262 fields->field_values[indx] = g_ptr_array_new();
1265 /* Essentially: fieldvalues[indx] is a 'GPtrArray *' with each array entry */
1266 /* pointing to a string which is (part of) the final output string. */
1268 fv_p = fields->field_values[indx];
1270 switch (fields->occurrence) {
1272 /* print the value of only the first occurrence of the field */
1273 if (g_ptr_array_len(fv_p) != 0)
1277 /* print the value of only the last occurrence of the field */
1278 g_ptr_array_set_size(fv_p, 0);
1281 /* print the value of all accurrences of the field */
1282 /* If not the first, add the 'aggregator' */
1283 if (g_ptr_array_len(fv_p) > 0) {
1284 g_ptr_array_add(fv_p, (gpointer)g_strdup_printf("%c", fields->aggregator));
1288 g_assert_not_reached();
1292 g_ptr_array_add(fv_p, (gpointer)value);
1295 static void proto_tree_get_node_field_values(proto_node *node, gpointer data)
1297 write_field_data_t *call_data;
1299 gpointer field_index;
1301 call_data = (write_field_data_t *)data;
1302 fi = PNODE_FINFO(node);
1304 /* dissection with an invisible proto tree? */
1307 field_index = g_hash_table_lookup(call_data->fields->field_indicies, fi->hfinfo->abbrev);
1308 if (NULL != field_index) {
1309 format_field_values(call_data->fields, field_index,
1310 get_node_field_value(fi, call_data->edt) /* g_ alloc'd string */
1315 if (node->first_child != NULL) {
1316 proto_tree_children_foreach(node, proto_tree_get_node_field_values,
1321 void write_fields_proto_tree(output_fields_t *fields, epan_dissect_t *edt, column_info *cinfo, FILE *fh)
1326 gpointer field_index;
1328 write_field_data_t data;
1331 g_assert(fields->fields);
1335 data.fields = fields;
1338 if (NULL == fields->field_indicies) {
1339 /* Prepare a lookup table from string abbreviation for field to its index. */
1340 fields->field_indicies = g_hash_table_new(g_str_hash, g_str_equal);
1343 while (i < fields->fields->len) {
1344 gchar *field = (gchar *)g_ptr_array_index(fields->fields, i);
1345 /* Store field indicies +1 so that zero is not a valid value,
1346 * and can be distinguished from NULL as a pointer.
1349 g_hash_table_insert(fields->field_indicies, field, GUINT_TO_POINTER(i));
1353 /* Array buffer to store values for this packet */
1354 /* Allocate an array for the 'GPtrarray *' the first time */
1355 /* ths function is invoked for a file; */
1356 /* Any and all 'GPtrArray *' are freed (after use) each */
1357 /* time (each packet) this function is invoked for a flle. */
1358 /* XXX: ToDo: use packet-scope'd memory & (if/when implemented) wmem ptr_array */
1359 if (NULL == fields->field_values)
1360 fields->field_values = g_new0(GPtrArray*, fields->fields->len); /* free'd in output_fields_free() */
1362 proto_tree_children_foreach(edt->tree, proto_tree_get_node_field_values,
1365 if (fields->includes_col_fields) {
1366 for (col = 0; col < cinfo->num_cols; col++) {
1367 /* Prepend COLUMN_FIELD_FILTER as the field name */
1368 col_name = g_strdup_printf("%s%s", COLUMN_FIELD_FILTER, cinfo->col_title[col]);
1369 field_index = g_hash_table_lookup(fields->field_indicies, col_name);
1372 if (NULL != field_index) {
1373 format_field_values(fields, field_index, g_strdup(cinfo->col_data[col]));
1378 for(i = 0; i < fields->fields->len; ++i) {
1380 fputc(fields->separator, fh);
1382 if (NULL != fields->field_values[i]) {
1386 fv_p = fields->field_values[i];
1387 if (fields->quote != '\0') {
1388 fputc(fields->quote, fh);
1391 /* Output the array of (partial) field values */
1392 for (j = 0; j < g_ptr_array_len(fv_p); j++ ) {
1393 str = (gchar *)g_ptr_array_index(fv_p, j);
1397 if (fields->quote != '\0') {
1398 fputc(fields->quote, fh);
1400 g_ptr_array_free(fv_p, TRUE); /* get ready for the next packet */
1401 fields->field_values[i] = NULL;
1406 void write_fields_finale(output_fields_t* fields _U_ , FILE *fh _U_)
1411 /* Returns an g_malloced string */
1412 gchar* get_node_field_value(field_info* fi, epan_dissect_t* edt)
1414 if (fi->hfinfo->id == hf_text_only) {
1418 return g_strdup(fi->rep->representation);
1421 return get_field_hex_value(edt->pi.data_src, fi);
1424 else if (fi->hfinfo->id == proto_data) {
1425 /* Uninterpreted data, i.e., the "Data" protocol, is
1426 * printed as a field instead of a protocol. */
1427 return get_field_hex_value(edt->pi.data_src, fi);
1430 /* Normal protocols and fields */
1431 gchar *dfilter_string;
1433 switch (fi->hfinfo->type)
1436 /* Print out the full details for the protocol. */
1438 return g_strdup(fi->rep->representation);
1440 /* Just print out the protocol abbreviation */
1441 return g_strdup(fi->hfinfo->abbrev);
1444 /* Return "1" so that the presence of a field of type
1445 * FT_NONE can be checked when using -T fields */
1446 return g_strdup("1");
1448 dfilter_string = fvalue_to_string_repr(&fi->value, FTREPR_DISPLAY, fi->hfinfo->display, NULL);
1449 if (dfilter_string != NULL) {
1450 return dfilter_string;
1452 return get_field_hex_value(edt->pi.data_src, fi);
1459 get_field_hex_value(GSList *src_list, field_info *fi)
1466 if (fi->length > tvb_length_remaining(fi->ds_tvb, fi->start)) {
1467 return g_strdup("field length invalid!");
1470 /* Find the data for this field. */
1471 pd = get_field_data(src_list, fi);
1478 const int chars_per_byte = 2;
1480 len = chars_per_byte * fi->length;
1481 buffer = (gchar *)g_malloc(sizeof(gchar)*(len + 1));
1482 buffer[len] = '\0'; /* Ensure NULL termination in bad cases */
1484 /* Print a simple hex dump */
1485 for (i = 0 ; i < fi->length; i++) {
1486 g_snprintf(p, chars_per_byte+1, "%02x", pd[i]);
1487 p += chars_per_byte;
1495 output_fields_t* output_fields_new(void)
1497 output_fields_t* fields = g_new(output_fields_t, 1);
1498 fields->print_header = FALSE;
1499 fields->separator = '\t';
1500 fields->occurrence = 'a';
1501 fields->aggregator = ',';
1502 fields->fields = NULL; /*Do lazy initialisation */
1503 fields->field_indicies = NULL;
1504 fields->field_values = NULL;
1505 fields->quote ='\0';
1506 fields->includes_col_fields = FALSE;
1511 * Editor modelines - http://www.wireshark.org/tools/modelines.html
1516 * indent-tabs-mode: nil
1519 * vi: set shiftwidth=4 tabstop=8 expandtab:
1520 * :indentSize=4:tabSize=8:noTabs=true:
git.samba.org / metze / wireshark / wip.git / blob